https://bugzilla.wikimedia.org/show_bug.cgi?id=19472
--- Comment #4 from Tim Starling <[email protected]> 2009-07-02 07:58:33 UTC --- (In reply to comment #3) > Any other workarounds? I haven't any experience with web-apps so did not > realize that this was standard. Sorry! I just felt it was insecure to leave > passwords lying around in plaintext. Oh, BTW maybe I confuse this issue: Since > you mention mysql does that mean that this plaintext pw is only the master pw > for the mysql database? > > Will all the other user assigned passwords not be in plaintext? That I could > live with then! Yes it's only the password for the web server to connect to the database. It is not a password for a human, you do not need to remember it or record it anywhere other than LocalSettings.php, so you can set it to a long random string of characters not used anywhere else. Connections are typically limited by hostname so the effect of a compromise is limited. User passwords are stored in the database and are hashed with a double-round MD5 and a random salt. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
