https://bugzilla.wikimedia.org/show_bug.cgi?id=28419
--- Comment #9 from Aryeh Gregor <[email protected]> 2011-05-11 17:59:30 UTC ---

That would be a good idea as an optional feature with lots of scary warnings attached. Large sites with good backup policies could make good use of it without worrying much about data loss. For a random MediaWiki site that someone installed and then forgot about, the increase in security is not going to be worth the increase in data-loss risk, since people will reasonably assume that they can restore the database from backup and still have their data. It's not just that the passwords would need to be reset, you can't even test whether a password matches, so all the password data will be effectively destroyed if you lose the key.

I suggest that whatever the implementation of the feature is, we make sure the software can detect when password matching fails because of a missing or incorrect secret key (as opposed to a wrong password). Otherwise, all users will just get "password is incorrect" errors, and since the error will be very infrequent (only on sites that set the option and then mess up), Google and #mediawiki will not be very helpful. A dedicated error message will make failures a lot easier to diagnose.
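One way to get the dedicated failure mode suggested in the comment above, shown as an added example (not MediaWiki code and not part of the original message): each stored record carries a short fingerprint of the secret key, so a missing or different key is reported separately from a wrong password. The record layout, the function names and the `SecretKeyError` class are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional


class SecretKeyError(Exception):
    """The site secret key is missing or is not the one the record was made with."""


def _key_id(key: bytes) -> str:
    # Fingerprint stored beside every hash: an HMAC of a fixed label under the
    # key, so it identifies the key without revealing it.
    return hmac.new(key, b"password-key-check", hashlib.sha256).hexdigest()[:16]


def _digest(password: str, salt: bytes, key: bytes) -> str:
    # Key the password with the site secret, then stretch with salted PBKDF2.
    keyed = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, 100_000).hex()


def hash_password(password: str, key: bytes) -> str:
    # Record layout (assumed for this sketch): key_id$salt$digest
    salt = os.urandom(16)
    return "$".join([_key_id(key), salt.hex(), _digest(password, salt, key)])


def check_password(password: str, record: str, key: Optional[bytes]) -> bool:
    key_id, salt_hex, expected = record.split("$")
    if not key:
        raise SecretKeyError("no secret key configured; passwords cannot be tested")
    if not hmac.compare_digest(key_id, _key_id(key)):
        raise SecretKeyError("configured secret key does not match the stored hashes")
    # Only reached when the key is right, so False really means "wrong password".
    actual = _digest(password, bytes.fromhex(salt_hex), key)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    site_key = os.urandom(32)           # constructed sample key
    rec = hash_password("correct horse", site_key)
    print(check_password("correct horse", rec, site_key))   # password matches
    print(check_password("wrong guess", rec, site_key))     # wrong password
    try:
        check_password("correct horse", rec, os.urandom(32))  # restored DB, lost key
    except SecretKeyError as exc:
        print("configuration error:", exc)
```

The login code can then show "password is incorrect" only for a `False` result and log or display a configuration error when `SecretKeyError` is raised.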
