https://bugzilla.wikimedia.org/show_bug.cgi?id=21912

Mark A. Hershberger <m...@everybody.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |m...@everybody.org

--- Comment #11 from Mark A. Hershberger <m...@everybody.org> 2011-01-27 
00:16:40 UTC ---
While you're looking at this, I can't help but cry a little as I think of all
the entropy that must be wasted because a new value is generated on each page
load.

For example, the text for 1.17 says "Filling in this field with a secret key
will generate an RSS feed for your watchlist. Anyone who knows the key in this
field will be able to read your watchlist, so choose a secure value. Here's a
randomly-generated value you can use:" (and a new MD5 each time).

Meanwhile the textbox already contains a token from (I assume) the time the
user was created.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to