[pmwiki-users] URGENT: Global Password Reset

Patrick R. Michaud pmichaud at pobox.com
Tue Aug 2 10:33:48 CDT 2005


On Mon, Aug 01, 2005 at 10:21:29AM -0400, Ryan D'Baisse wrote:
>    I am currently running v2.0 beta 19.  Someone has learned the password
>    that I used for securing private sections of my wiki (the same password
>    was used for pages, groups, etc.).  I have changed the password within the
>    configuration file, but need to reset what is stored for the other
>    resources.  Is this possible?  If so, how?

A quick solution may be to simply invalidate the compromised
password(s) entirely:

    $ForbiddenPasswords = array('secret', 'tanstaafl');
    if (in_array($ForbiddenPasswords, @$_POST['authpw')) 
      unset($_POST['authpw']);

This prevents 'secret' and 'tanstaafl' from ever being used as a
valid authorization password, regardless of what pages may be
using it.

Pm




More information about the pmwiki-users mailing list