[pmwiki-users] URGENT: Global Password Reset
Patrick R. Michaud
pmichaud at pobox.com
Tue Aug 2 10:33:48 CDT 2005
On Mon, Aug 01, 2005 at 10:21:29AM -0400, Ryan D'Baisse wrote:
> I am currently running v2.0 beta 19. Someone has learned the password
> that I used for securing private sections of my wiki (the same password
> was used for pages, groups, etc.). I have changed the password within the
> configuration file, but need to reset what is stored for the other
> resources. Is this possible? If so, how?
A quick solution may be to simply invalidate the compromised
password(s) entirely:
$ForbiddenPasswords = array('secret', 'tanstaafl');
if (in_array($ForbiddenPasswords, @$_POST['authpw'))
unset($_POST['authpw']);
This prevents 'secret' and 'tanstaafl' from ever being used as a
valid authorization password, regardless of what pages may be
using it.
Pm
More information about the pmwiki-users
mailing list