https://bugzilla.wikimedia.org/show_bug.cgi?id=34237

       Web browser: ---
             Bug #: 34237
           Summary: user_token should automatically regenerate when NULL
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: User login
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


Currently if a copy of your user table gets leaked out you have to regenerate
the entire user_token column. I'm not even sure we have a user script to do
that.

The User class code should be tweaked so that if a user_token is found to be
NULL when a user is logging in a new one will be generated and the row will be
updated.

This way instead of needing a maintenance script, all it will take to re-secure
the database after a leak would be for the sysadmin to run `UPDATE user SET
user_token = NULL;` and user tokens will be regenerated as needed.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
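The regeneration scheme proposed in the report, as an added stand-alone model that is not MediaWiki's code or part of the original message. It assumes a constructed SQLite table that reuses the `user` and `user_token` names, and assumes the token is compared against a value the client presents; all function names are hypothetical.

```python
import hmac
import secrets
import sqlite3

def open_db():
    """In-memory stand-in for the user table (constructed schema, not MediaWiki's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_token TEXT)")
    return db

def add_user(db, name):
    cur = db.execute("INSERT INTO user (user_name, user_token) VALUES (?, ?)",
                     (name, secrets.token_hex(16)))
    return cur.lastrowid

def stored_token(db, user_id):
    row = db.execute("SELECT user_token FROM user WHERE user_id = ?", (user_id,)).fetchone()
    return row[0] if row else None

def token_for_login(db, user_id):
    """Call only after the password check has succeeded: return the row's
    token, generating and persisting a new one if the column is NULL."""
    token = stored_token(db, user_id)
    if token is None:
        # Fill the column only while it is still NULL, so two concurrent
        # logins converge on one value instead of overwriting each other.
        db.execute("UPDATE user SET user_token = ? WHERE user_id = ? AND user_token IS NULL",
                   (secrets.token_hex(16), user_id))
        db.commit()
        token = stored_token(db, user_id)
    return token

def presented_token_is_valid(db, user_id, presented):
    """A NULL token must match nothing, including an empty presented value."""
    token = stored_token(db, user_id)
    if not token or not presented:
        return False
    # Constant-time comparison of the stored and presented values.
    return hmac.compare_digest(token.encode(), presented.encode())

def invalidate_all_tokens(db):
    """The sysadmin step from the report."""
    db.execute("UPDATE user SET user_token = NULL")
    db.commit()
```

The validation path never regenerates a token; only the authenticated login path does, so a copied token stays rejected while the column is NULL.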