Mark A. Hershberger <> changed:

           What    |Removed                     |Added
             Status|NEW                         |ASSIGNED
                 CC|                            |

--- Comment #11 from Mark A. Hershberger <> 2011-01-27 
00:16:40 UTC ---
While you're looking at this, I can't help but cry a little as I think of all
the entropy that must be wasted because a new value is generated on each page

For example, the text for 1.17 says "Filling in this field with a secret key
will generate an RSS feed for your watchlist. Anyone who knows the key in this
field will be able to read your watchlist, so choose a secure value. Here's a
randomly-generated value you can use:" (and a new MD5 each time).

Meanwhile the textbox already contains a token from (I assume) the time the
user was created.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to