[Bug 19472] New: user passwords are visible in plaintext in LocalSettings.php

Wed, 01 Jul 2009 23:23:36 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=19472

           Summary: user passwords are visible in plaintext in
                    LocalSettings.php
           Product: MediaWiki
           Version: 1.15.0
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: User login/settings
        AssignedTo: [email protected]
        ReportedBy: [email protected]


The user passwords are seen in plaintext in the LocalSettings.php file under
the variable "$wgDBpassword".

Shouldn't these be hashed or encrypted? Under Linux it is rare to have the
passwords stored unencrypted. Isn't this insecure? What if the users are using
the same passwords anywhere else?


-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to