[Wine] Sync use accounts between appdb, wine-bugs and wine-forums

James McKenzie jjmckenzie51 at sprintpcs.com
Sat Mar 15 06:35:10 CDT 2008 

James Hawkins wrote:
> On Fri, Mar 14, 2008 at 9:52 PM, James McKenzie
> <jjmckenzie51 at sprintpcs.com> wrote:
>   
>> TonyLambregts wrote:
>>  > Well Bugzilla is actually CGI not PHP... Whatever... The thing is we should have a unified login for all our sites. We currently have 4 sites that a user can log into. They are:
>>  >
>>  > Bugs (http://bugs.winehq.org): server at CodeVWeavers using CGI and MySql login by email
>>  > AppDb (http://appdb.winehq.org): server at CodeWeavers using PHP and MySql login by email.
>>  > Wiki (http://wiki.winehq.org): server at Lattica using python login by user name.
>>  > Forum (http://forum.winehq.org): server at CodeWeavers using  PHP and ??? login by user name
>>  >
>>  > Bugzilla has the ability to use LDAP already. and extending it to the others  would be the way to go IMO.
>>  >
>>  > We have come a long way in integrating the AppDB and Bugzilla. Integrating the logins would be a huge advantage for application maintainers as well as administrators.
>>  >
>>  > This is not really and original thought since it has been around since 2002. see  bug 560 (http://bugs.winehq.org/show_bug.cgi?id=560)
>>  >
>>  >
>>  >
>>  No.  If one account gets compromised, you are basically up a tree.  I'm
>>  a maintainer in the AppDb.  If my login was compromised, someone with
>>  malicious intent could make my life miserable for a while.  I'd have a
>>  mess to clean up...
>>
>>     
>
> You're fear is unjustified, as you're implying the appdb is inherently
> more secure than the 3 other sites (which I have a feeling you can't
> justify).  You worry that if the logins are unified, your appdb login
> will be compromised.  As it stands, do you really think the appdb on
> its own is bullet-proof, thus you don't worry about that account being
> compromised?
>
>   
James:

No I am not stating that the AppDB is more secure than any of the other 
sites.  What I am saying is that the four sites have different logins 
and that is how they should stay.  If my AppDb information is 
compromised, you cannot get into Bugzilla (I don't even use the same 
login name for the two sites).  If we unify them, then you can and 
definitely 'wreck havoc'.   If you all are really interested, I can go 
into more detail as to why you don't want unified logins, and it has to 
do with levels of security that most folks do not deal with.  I'm not 
going to bore or rant about that here in the mailing list.  The bottom 
line (as they state in business):  Don't use the same login and/or 
password for more than a single web site.  Since the AppDb and Bugzilla 
are technically two different web sites, then that policy should apply.  
Never give up security for the appearance of ease of use.

James McKenzie

More information about the wine-users mailing list