On Fri, Mar 14, 2008 at 9:52 PM, James McKenzie <jjmckenzie51@xxxxxxxxxxxxx> wrote: > > TonyLambregts wrote: > > Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are: > > > > Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email > > AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email. > > Wiki (http://wiki.winehq.org): server at Lattica using python login by user name. > > Forum (http://forum.winehq.org): server at CodeWeavers using PHP and ??? login by user name > > > > Bugzilla has the ability to use LDAP already. and extending it to the others would be the way to go IMO. > > > > We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators. > > > > This is not really and original thought since it has been around since 2002. see bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560) > > > > > > > No. If one account gets compromised, you are basically up a tree. I'm > a maintainer in the AppDb. If my login was compromised, someone with > malicious intent could make my life miserable for a while. I'd have a > mess to clean up... > You're fear is unjustified, as you're implying the appdb is inherently more secure than the 3 other sites (which I have a feeling you can't justify). You worry that if the logins are unified, your appdb login will be compromised. As it stands, do you really think the appdb on its own is bullet-proof, thus you don't worry about that account being compromised? -- James Hawkins