[00:06:10] hey all, I am doing an update to my ubuntu from 18.04 to 19.04. Im wondering if there is a way to backup or protect my mediawiki (Its completely local and offline) so I don't have to reconfigure it again. [00:07:43] can I simply compress `/var/www/html/mediawiki` into a tarball and restore it if I need to? [00:07:47] or is it more complicated? [00:09:13] back up the database and the directory [00:10:25] !backup | Woodpecker [00:10:25] Woodpecker: See http://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki for information about backing up your wiki. For restoring your wiki, see http://www.mediawiki.org/wiki/Manual:Moving_a_wiki#Import_the_database_backup for more. If you don't have database access, try !grabber. [00:10:58] thanks [00:11:08] crap, can't remember my mysql password [00:11:34] it should be in LocalSettings.php [00:12:56] ohh thanks [00:14:15] wow... password stored in plaintext... Not sure how I feel about that, lol [00:21:47] Woodpecker, ... how else do you expect MediaWiki, or any other software, to authenticate with MySQL? [00:22:22] there are other possible ways, like ip address, username, key, etc [00:22:32] username from local machine I mean [00:22:39] username is no good [00:22:59] IP address is pointless if this is all on a single box, may as well just have no password at all if you'd be happier with that [00:23:19] key would also need to be stored so MW could read it [00:23:36] it depends on what your situation is, on a subnet you trust, things can be different [00:24:15] in any case IP restrictions would be something you'd apply in addition to a password [00:26:06] Krenair: tis a good question. I have issues myself with my own scripting, when I need to store a password. Its been something Ive been meaning to ask on the SoftwareEngineering stackexchange. Maybe it should be compiled in source, and encrypt the source file. [00:26:47] you realise at some point you'll need to store a decryption key to decrypt the file, right? [00:30:08] Krenair: Im thinking of it from a c++ perspective. My idea (untested, throwing it out there) would be to store the password in a `.cpp` source file, and just encrypt that source file. Only decrypt it when you want to compile the program. After compiling, you would not need to enter any password to run it. [00:30:39] what? [00:30:57] so [00:31:12] hang on [00:31:16] what's C++ got to do with anything? [00:31:47] you realise that the decrypted password would still be decrypted inside the compiled program? [00:31:55] Well, c++ is compiled, unlike something like python which is interpreted. Thats all I mean. [00:32:05] what [00:32:16] this is true but I have no idea what relevance it has to this [00:34:00] it would be decrypted, yes, but it would take more effort to grab. [00:34:45] like maybe with the unix strings utility? [00:35:17] mmmm never heard of that. Is that just a hex editor? [00:35:21] * Woodpecker checks [00:36:11] Krenair: ah, so and here comes the brilliant part of my plan [00:37:13] Krenair: you choose a password that looks like programming gobbly gook. [00:37:38] security through obscurity is rarely very helpful [00:38:24] well then, I'm stumped. [00:39:14] if your attacker does not have the skill to extract it from the binary, they could probably run the program and watch it communicate with MySQL, and extract the password that way [00:40:12] Krenair: I got it. [00:41:16] do this solution: For every password attempt, you have to pay 1 cent. So if someone is trying to brute force you, you'll become rich before they crack the code. [00:41:28] Email should have been done this way. [00:41:43] 1 cent per email would have eliminated 99% of spam [19:48:07] Hi, There is anyway to "raw" query the mediawiki db and show it somehow? [19:48:19] without any middle language of an extension [19:52:43] not sure if I understand? [19:52:50] you can connect to the mysql database from the command line [19:53:22] I mean: There is an easy way to create a page that will display a custom query an the db? [19:53:49] when the query is "pure" plsql (or, without any intermediate langauge) [19:54:08] a page on your mediawiki instance or any kind of page? [19:54:17] mediawiki ofc :) [19:54:34] maybe someone has already made an extension for that [19:54:41] I know cargo and semanticwiki, but they are require a specific "language" [19:57:32] a specific language is the most sane way to prevent arbitrary sql injection in queries [19:58:00] yeah, the correct way to do this I guess would be through a mysql user that can only execute SELECT queries or something [19:58:40] that could be problematic too but less so than a user that can modify the db [19:59:07] @Vulpix, agree [19:59:25] That was just a general question, to my case, a stored procedure will be ok also [19:59:43] Do you know a way to achieve something like that? [19:59:45] what does a stored procedure have to do with it? [20:00:56] The original problem is that those middle languages probably havnt all the plsql features, so im limited when writing "queries" [20:01:33] So if i can write the query in normal sql, and than call it, it will cover 80% of the usage [20:02:12] still don't understand why you are talking about stored procedures [20:03:08] if i could write some predefined sql queries (which allow me to have all the features of plsql), and than call them within a mediawiki page [20:03:16] This is not doable in cargo\semanticwiki [20:04:00] sounds like you will need to write an extension [20:04:38] Just hoped that someone know a way without it :( [20:07:54] Can't you code that query into a view, and then query the view from cargo as if it were a table? [20:09:47] That a great idea, i dunno if i can query non-cargo tables from cargo but ill try [20:12:31] If cargo can't, any extension that allows to query a single table at least (in case one exists, which I don't know) [20:14:12] Seems like cargo is not able to do this :( ill check other extensions ty