[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 Krinkle changed: What|Removed |Added Version|1.16.1 |1.16 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 Krinkle changed: What|Removed |Added Version|1.16|1.16.x -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 Alexandre Emsenhuber [IAlex] changed: What|Removed |Added CC||emufarm...@gmail.com --- Comment #4 from Alexandre Emsenhuber [IAlex] 2011-03-19 18:37:20 UTC --- *** Bug 20185 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 MZMcBride changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Comment #5 from MZMcBride 2011-03-19 19:00:42 UTC --- This is duped the wrong way. Fixing. *** This bug has been marked as a duplicate of bug 20185 *** -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 Liangent changed: What|Removed |Added Summary|Users should be asked for |Users should be asked for |their passwords when|their credentials when |setting new email addresses |setting new email addresses --- Comment #2 from Liangent 2011-01-31 18:05:50 UTC --- Just a note for someone who implements this: Some authentication extensions use special ways to check users' credentials, assign users invalid password hashes in MediaWiki database and call $user->setCookies() to log users in. In MediaWiki core, extensions should be asked whether they have their own methods to authenticate users. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 27060] Users should be asked for their credentials when setting new email addresses
https://bugzilla.wikimedia.org/show_bug.cgi?id=27060 Bawolff changed: What|Removed |Added CC||bawolff...@gmail.com --- Comment #3 from Bawolff 2011-02-03 04:23:25 UTC --- +1 for this being a good idea. As it stands, I believe the worst case for an XSS vulnrability is to change the email and steal the account. Requiring a password would help mitigate this. (Of course once you have an xss attack, the user is still pretty screwed regardless because you can still use js to vandalize in the users name, or present the user with a very convincing you need to re-login screen to steal their password, etc). -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
