User talk:MikeMol: Difference between revisions
→cloudflare issue: expiry, not reset.
(→cloudflare issue: time range, severity, scope) |
(→cloudflare issue: expiry, not reset.) |
||
Line 53:
: Good point; I should only need to expire passwords for accounts touched during the affected period. However, understand that RC didn't need to have those features enabled to be affected; those features resulted in the client being sent data that was resident in memory on Cloudflare's systems, they didn't have control over whether data would be in that memory in the first place; if someone logged into RC, their credentials would be in memory for a time. Then someone else makes a request from some other site with those features enabled, and they would get some chunk of Cloudflare's server's memory sent to them. This is a very, very common misunderstanding from people who've only read Cloudflare's blog post on the subject, and Cloudflare has unfortunately downplayed the severity and scope of the issue. --[[User:Short Circuit|Michael Mol]] ([[User talk:Short Circuit|talk]]) 04:33, 25 February 2017 (UTC)
: The expiry process *should* allow one login using the old password, requiring the user to set a new password before proceeding. It's not a reset, but an expiry. I chose that approach because not everyone even has their email address loaded in... --[[User:Short Circuit|Michael Mol]] ([[User talk:Short Circuit|talk]]) 04:34, 25 February 2017 (UTC)
==Is file uploading blocked forever?==
| |||