Do not store watchlisttoken in user_properties table
Open, MediumPublic
Actions

Assigned To

None

Authored By

	Nikerabbit
	Apr 1 2014, 9:17 AM

Description

Even though user_properties are not public, there are extension which provide aggregate numbers on those, given that most the data is just about yes/no or chosen about predefined alternatives, or semi-public anyway like gender.

I would prefer if watchlisttoken was not stored in user_properties table to avoid it accidentally leaking due the above reasons.

This would also solve bug 55661.

Version: 1.23.0
Severity: normal

Details

Reference: bz63354

Related Objects

Mentioned In: T352823: Split user table to multiple tables
T267013: How to replace deprecated User::getTokenFromOption for the watchlisttoken?

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:03 AM

• bzimport added a project: MediaWiki-Core-Preferences.

• bzimport set Reference to bz63354.

• bzimport added a subscriber: Unknown Object (MLST).

Nikerabbit created this task.Apr 1 2014, 9:17 AM

• werdna unsubscribed.Dec 10 2014, 5:23 PM

PerfektesChaos added a project: Privacy.Apr 25 2015, 9:17 PM

PerfektesChaos set Security to None.

DannyS712 added a project: Schema-change.Nov 22 2019, 7:08 PM

DannyS712 subscribed.Nov 22 2019, 7:49 PM

Where should it be stored instead? The user table? Suggest declining

• JFishback_WMF moved this task from Intake to Backlog on the Privacy board.Mar 24 2020, 3:09 PM

Umherirrender mentioned this in T267013: How to replace deprecated User::getTokenFromOption for the watchlisttoken?.Nov 2 2020, 12:40 PM

Bugreporter mentioned this in T352823: Split user table to multiple tables.Dec 6 2023, 12:04 AM

Do not store watchlisttoken in user_properties tableOpen, MediumPublicActions

Description

Details

Related Objects

Event Timeline

Do not store watchlisttoken in user_properties table
Open, MediumPublic
Actions