Last modified: 2011-04-30 01:21:37 UTC
The user passwords are seen in plaintext in the LocalSettings.php file under the variable "$wgDBpassword". Shouldn't these be hashed or encrypted? Under Linux it is rare to have the passwords stored unencrypted. Isn't this insecure? What if the users are using the same passwords anywhere else?
I know that the permissions on LocalSettings.php are supposed to be pretty restrictive, yet I feel having the plaintext passwords hanging around is insecure and unnecessary. The fix could be a simple hash comparison (unless I am missing some PHP limitation).
The password needs to be delivered to MySQL in plain text, so MediaWiki needs to store it in plain text. This is true of any web application.
Any other workarounds? I haven't any experience with web-apps so did not realize that this was standard. Sorry! I just felt it was insecure to leave passwords lying around in plaintext. Oh, BTW maybe I confuse this issue: Since you mention mysql does that mean that this plaintext pw is only the master pw for the mysql database? Will all the other user assigned passwords not be in plaintext? That I could live with then!
(In reply to comment #3)
> Any other workarounds? I haven't any experience with web-apps so did not
> realize that this was standard. Sorry! I just felt it was insecure to leave
> passwords lying around in plaintext. Oh, BTW maybe I confuse this issue: Since
> you mention mysql does that mean that this plaintext pw is only the master pw
> for the mysql database?
>
> Will all the other user assigned passwords not be in plaintext? That I could
> live with then!

Yes it's only the password for the web server to connect to the database. It is not a password for a human, you do not need to remember it or record it anywhere other than LocalSettings.php, so you can set it to a long random string of characters not used anywhere else. Connections are typically limited by hostname so the effect of a compromise is limited. User passwords are stored in the database and are hashed with a double-round MD5 and a random salt.
Actually all along I've wanted to share my LocalSettings.php on the net directly so everybody could see the whizbang techniques I use. OK, I could probably include() a separate file that contained the secrets like passwords and $wgSpamRegex at little extra overhead...
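The include() approach from the last comment, written out as an added example (not code from the thread or from MediaWiki itself): LocalSettings.php keeps only shareable settings and loads $wgDBpassword and $wgSpamRegex from a separate file, refusing to start if that file is missing or readable by anyone but its owner. The path /etc/mediawiki/LocalSecrets.php and the variable $wgSecretsFile are assumptions for the example.

```php
<?php
# Added example: LocalSettings.php that loads secrets from a separate file
# kept outside the web root, so this file can be published without exposing
# the database password. Assumed path; adjust to your installation.
$wgSecretsFile = '/etc/mediawiki/LocalSecrets.php';

if ( !is_readable( $wgSecretsFile ) ) {
    # Fail closed: running with no credentials is better than falling back
    # to an empty or default password.
    die( "Secrets file missing or unreadable\n" );
}

# Refuse to run if the secrets file is readable by group or others.
# fileperms() returns the full mode; keep only the permission bits.
# Assumes the file is owned by the web server user with mode 0600.
$perms = fileperms( $wgSecretsFile ) & 0777;
if ( $perms & 0077 ) {
    die( sprintf( "Secrets file has permissive mode %04o; expected 0600\n", $perms ) );
}

# LocalSecrets.php (hypothetical) holds only the sensitive settings, e.g.:
#   <?php
#   $wgDBpassword = 'long-random-string-used-nowhere-else';
#   $wgSpamRegex  = '/.../';
require_once $wgSecretsFile;

# Everything below is safe to share.
$wgDBtype   = 'mysql';
$wgDBserver = 'localhost';
$wgDBname   = 'wikidb';
$wgDBuser   = 'wikiuser';
```

The mode check covers only the file itself; the directory containing it still needs matching ownership and permissions, and the database account should be limited to connecting from the web server host as comment #4 notes.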