[Bug 67533] security review of WikibaseQuery

2014-09-11 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 Chris Steipp cste...@wikimedia.org changed: What|Removed |Added Blocks||67536 -- You are

[Bug 67533] security review of WikibaseQuery

2014-08-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #8 from Jeroen De Dauw jeroen_ded...@yahoo.com --- Regardless, I'm pretty sure we're not going to change our minds about security review by debating in a bug. Not sure debate is happening. I never even asked to change the

[Bug 67533] security review of WikibaseQuery

2014-08-27 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #7 from Nik Everett neverett+bugzi...@wikimedia.org --- (In reply to Chris Steipp from comment #6) (In reply to Jeroen De Dauw from comment #5) Given that, I'm not sure it makes sense to do a real security review of these

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #4 from Chris Steipp cste...@wikimedia.org --- Hi guys, can you explain the reasoning for using Doctrine's DBAL and Symfony's console, instead of the standard MediaWiki classes? Reviewing those (~80 kloc) is going to take some

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #5 from Jeroen De Dauw jeroen_ded...@yahoo.com --- The MediaWiki code is not reusable - it's bound to the rest of the MediaWiki framework. Both the code itself and the things it's bound to have serious design issues, little test

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #6 from Chris Steipp cste...@wikimedia.org --- (In reply to Jeroen De Dauw from comment #5) Given that, I'm not sure it makes sense to do a real security review of these components. Is WMF doing security reviews of other tools it

[Bug 67533] security review of WikibaseQuery

2014-07-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #2 from Jeroen De Dauw jeroen_ded...@yahoo.com --- As far as I can tell, the offset parameter is limited to 50, and can thus not cause full index scans. Is that wrong? If we would want to allow further pagination, using a

[Bug 67533] security review of WikibaseQuery

2014-07-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 --- Comment #3 from Sergey Vladimirov vlser...@gmail.com --- Sorry, I didn't notice the limit in the API declaration. In this case... well, it's just unusable from my point of view. But it is not a security concern, of course :-) I hope changed

[Bug 67533] security review of WikibaseQuery

2014-07-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 Sergey Vladimirov vlser...@gmail.com changed: What|Removed |Added CC|

[Bug 67533] security review of WikibaseQuery

2014-07-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 Nik Everett neverett+bugzi...@wikimedia.org changed: What|Removed |Added CC|

[Bug 67533] security review of WikibaseQuery

2014-07-04 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533 Lydia Pintscher lydia.pintsc...@wikimedia.de changed: What|Removed |Added Priority|Unprioritized |Highest