https://bugzilla.wikimedia.org/show_bug.cgi?id=30636
MZMcBride <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #21 from MZMcBride <[email protected]> 2011-09-24 20:50:53 UTC --- (In reply to comment #16) > In no circumstances is administrators knowing other users' plaintext passwords > a sensible security policy, even on a managed wiki (of which I run several). > I'd be happy to consider implementing either a SwitchUser functionality or a > root password, both with proper logging. Plenty of organizations have standard passwords for all users. It keeps administration much, much simpler. Site security is important—to a point. Not every MediaWiki installation needs state of the art security and there's really nothing to stop people from creating MediaWiki accounts with the same, simple password. On-wiki logging would be nice, but it's just as simple for someone to take the plaintext MySQL password from LocalSettings.php and do direct database manipulation. Or run eval.php or a maintenance script. Site admins can already do everything, it's simply a matter of making it slightly safer (on-wiki form versus command line hackery). Let's be reasonable in the approach taken here and not pretend as though admins knowing passwords or being able to quietly reset them is anything new. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
