(Tim Starling <ts4294967296(a)hotmail.com>):
> If we really want to be serious about security we'll have to use
> ssl for login, but I don't know how to do that.

That's entirely too paranoid. Frankly, I don't see much need
for high security of Wikipedia logins. It's not like we're
storing medical records. (Oh my God! My neighbor might find
out that I like the "Nostalgia" skin!) The only real risk is
that someone might log in as me and make edits in my name, but
then I'd just disavow them and change my password.

The present saltless-md5 was an improvement over the original
code which had passwords in plain text in the database where
any sysop could see them all with a select; /that/ was probably
a bit too loose :-), so I md5'd them. If making a slightly
better encrypted version improves things with no hassle, that's
fine too. But let's not get worked up over nothing.
--
Lee Daniel Crocker <lee(a)piclab.com> <http://www.piclab.com/lee/>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC
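
Added example, not part of the original message and not MediaWiki's code: it contrasts the saltless MD5 storage described above with a per-user salted PBKDF2 record, and upgrades a legacy record on the next successful login. All function names, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumption: tune to the server's hardware

def legacy_md5(password):
    """Saltless MD5: equal passwords always give equal stored values."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_hash(password, salt=None):
    """Random per-user salt plus PBKDF2-HMAC-SHA256, stored as one string."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return "pbkdf2${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())

def verify(password, stored):
    """Check a password against either record format in constant time."""
    if stored.startswith("pbkdf2$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_md5(password), stored)

def login(users, name, password):
    """Verify the password; rewrite a legacy record as salted on success."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        # The plaintext is only available at login, so upgrade here.
        users[name] = salted_hash(password)
    return True

if __name__ == "__main__":
    # Constructed sample table: two users who picked the same password.
    users = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}
    print("legacy records identical:", users["alice"] == users["bob"])
    login(users, "alice", "hunter2")
    login(users, "bob", "hunter2")
    print("salted records identical:", users["alice"] == users["bob"])
```
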