Page MenuHomePhabricator
Create Task
Maniphest T122375

Segment sensitive data within WMF cluster (tracking)
Open, MediumPublic
Actions

Description

Currently, only Analytics and Fundraising data are segmented within the cluster. We should segment off other sensitive data sources so not everyone with cluster access has access, and to provide some resilience against specific attacks.

Data that should probably be segmented:

  • Password hashes / authentication data
  • CheckUser data
  • Private wikis

Related Objects
Search...

Event Timeline

csteipp created this task.Dec 23 2015, 10:56 PM
csteipp raised the priority of this task from to Medium.
csteipp updated the task description. (Show Details)
csteipp added a project: Security-Team.
csteipp subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 23 2015, 10:56 PM
csteipp added a subtask: T101915: Move private wikis to a dedicated cluster.Dec 23 2015, 10:56 PM
csteipp added a subtask: T120484: Create password-authentication service for use by CentralAuth.
Krenair subscribed.Mar 13 2016, 7:37 PM
Danny_B added a project: Tracking-Neverending.May 5 2016, 7:29 PM
Danny_B renamed this task from (tracking) Segment sensitive data within WMF cluster to Segment sensitive data within WMF cluster (tracking).May 27 2016, 5:43 PM
Danny_B moved this task from Tag to Should be workboard column instead on the Tracking-Neverending board.Jul 16 2016, 2:52 AM
GWicke mentioned this in T140813: Protect sensitive user-related information with a UserData / auth / session service.Jul 19 2016, 7:54 PM
GWicke added a subtask: T140813: Protect sensitive user-related information with a UserData / auth / session service.
MZMcBride subscribed.Sep 16 2016, 4:34 AM
Tgr mentioned this in T183420: Authentication data should not be available through the normal DB abstraction layer.Dec 20 2017, 9:23 PM
Bawolff edited projects, added acl*security; removed Security-Team.Sep 4 2018, 3:45 PM
chasemp added a project: Security.Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:07 PM
Aklapper edited projects, added Epic, WMF-General-or-Unknown; removed Tracking-Neverending.May 18 2020, 9:52 PM
Framawiki subscribed.Aug 12 2020, 9:40 PM
Aklapper closed subtask T101915: Move private wikis to a dedicated cluster as Declined.Nov 20 2020, 8:05 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL