Last modified: 2006-12-17 00:52:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T9078, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 7078 - A throttle to new password requests for Wikimedia wikis
A throttle to new password requests for Wikimedia wikis
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal normal with 5 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-21 00:00 UTC by bdk
Modified: 2006-12-17 00:52 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description bdk 2006-08-21 00:00:04 UTC 
According to bug 5370 and bug 6003 (note Rob's comment there)
support for a throttle to new password requests is already in the code. 

Please enable it on Wikimedia wikis. The need for it is supposed to be well known.
Comment 1 Tristan Miller 2006-10-20 23:57:56 UTC 
*** Bug 7639 has been marked as a duplicate of this bug. ***
Comment 2 Tristan Miller 2006-10-21 00:04:08 UTC 
See also Bug 6427, which proposes that blocked users/IPs should also be blocked
from requesting password reminders.
Comment 3 Invalid Account 2006-12-05 18:45:35 UTC 
Has this bug been fixed on mediawiki releases (e.g. 1.8.2?) or just for the wikimedia sites? Or is 
there an extention for this? I sent many emails to people and they would not ever answer. MANY 
wikis are getting hit with this and the wikimedia foundation just does not answer.
Comment 4 Rob Church 2006-12-05 18:50:07 UTC 
There's support for throttling *in the code*, but last I heard, it's switched
off on Wikimedia sites due to shared memory caching incompatibilities, or somesuch.

I guess we might need to think about some other throttling mechanism...
Comment 5 Invalid Account 2006-12-05 18:52:13 UTC 
Tim Starling claimed he fixed it back in October a week or two after 1.8.2 came out.  
http://mail.wikipedia.org/pipermail/wikipedia-l/2006-October/045713.html
Comment 6 Raimond Spekking 2006-12-05 18:52:47 UTC 
fixed with r17217 by Tim Starling. See [[MediaWiki:throttled-mailpassword]] too.
The actual default for Wikimedia sites is one password / 24 hours
Comment 7 Invalid Account 2006-12-05 19:24:35 UTC 
To Rob Church's comment, it appears to be throttling on wikipedia.

From looking through the r17217, it's clearly not going to officially be released until the next 
MediaWiki release and r17217's changes may even have caused problems and so later update change(s) 
(burried somewhere in the diffs) were needed.

Maybe the problem was that it wants some SQL changes.  I see "ALTER TABLE user ADD user_newpass_time 
char(14) binary;" as a definite, as well as some maintenance scripts of who knows what needs to be 
run and what doesn't.
Comment 8 Invalid Account 2006-12-06 02:04:52 UTC 
It would also be good if they could add a throttling function so nobody can send email bombs, too.
Comment 9 Invalid Account 2006-12-17 00:48:19 UTC 
I hope this comes out in the next release. Messing around in undocumented, poorly described stuff can 
damage SQL. I found that out the hard way when I tried running the compress old revisions program, 
which it turns out has been broken since version 1.5 and it's not been mentioned but scantly on a few 
forums only found after long google searching.
Comment 10 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-12-17 00:52:21 UTC 
Releases are snapshot of trunk, so this will come out in the next release, 1.9,
in January.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links