Last modified: 2014-07-07 18:03:44 UTC
I was doing more SUL audit stuff, and discovered that some private wikis are in centralauth's localuser table. mysql:sul@dbstore1002 [centralauth]> select count(*) from localuser where lu_wiki="internalwiki"; +----------+ | count(*) | +----------+ | 3 | +----------+ 1 row in set (0.00 sec) Additionally 1 from comcomwiki, 1 from officewiki, and 1 from otrs_wikiwiki. There are also some 40 accounts from foundationwiki, but that's not a private wiki (foundationwiki is also in the localnames table). I think this is left over from some point in 2008 when those wikis were SUL linked? All the timestamps are from March 13, 2008. Filing this as a security bug since this information is also replicated to Labs, and is leaking a (very small) subset of those wiki's user tables. This will also cause issues if any of those users are globally renamed. My proposed solution is to just delete those rows.
I think we can delete them.
Done.