Re: Sync use accounts between appdb, wine-bugs and wine-forums

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James Hawkins wrote:
On Fri, Mar 14, 2008 at 9:52 PM, James McKenzie
<jjmckenzie51@xxxxxxxxxxxxx> wrote:
TonyLambregts wrote:
 > Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:
 >
 > Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email
 > AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email.
 > Wiki (http://wiki.winehq.org): server at Lattica using python login by user name.
 > Forum (http://forum.winehq.org): server at CodeWeavers using  PHP and ??? login by user name
 >
 > Bugzilla has the ability to use LDAP already. and extending it to the others  would be the way to go IMO.
 >
 > We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.
 >
 > This is not really and original thought since it has been around since 2002. see  bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560)
 >
 >
 >
 No.  If one account gets compromised, you are basically up a tree.  I'm
 a maintainer in the AppDb.  If my login was compromised, someone with
 malicious intent could make my life miserable for a while.  I'd have a
 mess to clean up...


You're fear is unjustified, as you're implying the appdb is inherently
more secure than the 3 other sites (which I have a feeling you can't
justify).  You worry that if the logins are unified, your appdb login
will be compromised.  As it stands, do you really think the appdb on
its own is bullet-proof, thus you don't worry about that account being
compromised?

James:

No I am not stating that the AppDB is more secure than any of the other sites. What I am saying is that the four sites have different logins and that is how they should stay. If my AppDb information is compromised, you cannot get into Bugzilla (I don't even use the same login name for the two sites). If we unify them, then you can and definitely 'wreck havoc'. If you all are really interested, I can go into more detail as to why you don't want unified logins, and it has to do with levels of security that most folks do not deal with. I'm not going to bore or rant about that here in the mailing list. The bottom line (as they state in business): Don't use the same login and/or password for more than a single web site. Since the AppDb and Bugzilla are technically two different web sites, then that policy should apply. Never give up security for the appearance of ease of use.

James McKenzie



[Index of Archives]     [Gimp for Windows]     [Red Hat]     [Samba]     [Yosemite Camping]     [Graphics Cards]     [Wine Home]

  Powered by Linux