Manual talk:$wgCookiePrefix
This page used the Structured Discussions extension to give structured discussions. It has since been converted to wikitext, so the content and history here are only an approximation of what was actually displayed at the time these comments were made.
Having the default cookie prefix being the database name is bonkers!!
That's like putting half your PIN number on your face - or making it your email address. Bldcaveman (talk) 14:05, 22 February 2019 (UTC)
- Okay - it's not like it's super easy from there but it shouldn't be there really. Bldcaveman (talk) 14:07, 22 February 2019 (UTC)
- There's no reason it can be any security threat. Please stop freaking out about this or demonstrate how it can be harmful. Ciencia Al Poder (talk) 11:58, 24 February 2019 (UTC)
- I just came across this and don't understand why it defaults to the database name, too. On some hosts you can derive the SSH/FTP username from the database name. Thus, in my opinion, it would be better to default the name to the sitename, for example. What do you think? Stefahn (talk) 15:28, 24 May 2021 (UTC)
- This should default to a randomly generated string and not the database name. Nicole Sharp (talk) 10:26, 16 January 2025 (UTC)
- FYI, the database name is also revealed very publicly in the XML export. I think that the database name should be removed from the XML export as well as a matter of cautionary practice, but it shouldn't really be any more of a security risk than knowing someone's wiki username. Nicole Sharp (talk) 15:47, 16 January 2025 (UTC)