https://bugzilla.wikimedia.org/show_bug.cgi?id=25925
MZMcBride <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|increase |Increase |$wgMinimalPasswordLength |$wgMinimalPasswordLength --- Comment #26 from MZMcBride <[email protected]> --- (In reply to comment #24) >> Okay, keep going. They get into someone's account, and then what? I don't see >> the attack scenario. > > Obtain credentials for an admin account, edit a few lines of JS in the MW > namespace, take down wikipedia (or any other website prominently linked from > it, SOPA-style DDoS)? Privileged accounts are mostly a separate discussion (bug 44788). When discussing accounts generally, 99.99% of them are unprivileged. $wgMinimalPasswordLength applies to all accounts. Again, in terms of weighing cost v. benefit, inconveniencing 99.99% of users because .01% of users could maybe be disruptively hacked doesn't seem like a reasonable trade-off. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
