https://bugzilla.wikimedia.org/show_bug.cgi?id=45716
Web browser: ---
Bug ID: 45716
Summary: Password hashes should not be stored in live User
objects
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
Bugs like bug 43518 where raw User objects are accidentally exposed would be
much less frightening if things like the password hashes weren't included in
the live object.
Ideally we should only look up a hash when comparing against it, and shouldn't
keep it in memory the rest of the time.
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
