Change Details

When a user changes their password or email address, it will be updated on the wiki where they did the change, and in the global database. It won't be updated in other wikis in the same CentralAuth cluster, however. (Email will be updated when `AuthPlugin::updateUser` is called on that specific wiki; IIRC this only happens when the user logs in manually - via `Special:UserLogin` - on that specific wiki. Password does not seem to be updated at all.) This won't affect MediaWiki's operation as these fields will be read from the global database anyway, but it means that old email addresses and password hashes can persist indefinitely in the database. This arguably violates the [[ http://oecdprivacy.org/#quality | data quality principle ]], a fundamental rule of EU privacy regulation, and is in general a privacy and security problem - we should not store private data that we don't need, much less old passwords which might still be in use somewhere else, or might be used to guess the new password. It can also lead to mistakes when people look for email addresses at the wrong places.

When a user changes their password or email address, it will be updated on the wiki where they did the change, and in the global database. It won't be updated in other wikis in the same CentralAuth cluster, however. (Email will be updated when `AuthPlugin::updateUser` is called on that specific wiki; IIRC this only happens when the user logs in manually - via `Special:UserLogin` - on that specific wiki. Password does not seem to be updated at all.) This won't affect MediaWiki's operation as these fields will be read from the global database anyway, but it means that old email addresses and password hashes can persist indefinitely in the database. This arguably violates the [[ http://oecdprivacy.org/#quality | data quality principle ]], a fundamental rule of EU privacy regulation, and is in general a privacy and security problem - we should not store private data that we don't need, much less old passwords which might still be in use somewhere else, or might be used to guess the new password. It can also lead to mistakes when people look for email addresses at the wrong places. ---- See also: {T57420}

When a user changes their password or email address, it will be updated on the wiki where they did the change, and in the global database. It won't be updated in other wikis in the same CentralAuth cluster, however. (Email will be updated when `AuthPlugin::updateUser` is called on that specific wiki; IIRC this only happens when the user logs in manually - via `Special:UserLogin` - on that specific wiki. Password does not seem to be updated at all.) This won't affect MediaWiki's operation as these fields will be read from the global database anyway, but it means that old email addresses and password hashes can persist indefinitely in the database. This arguably violates the [[ http://oecdprivacy.org/#quality | data quality principle ]], a fundamental rule of EU privacy regulation, and is in general a privacy and security problem - we should not store private data that we don't need, much less old passwords which might still be in use somewhere else, or might be used to guess the new password. It can also lead to mistakes when people look for email addresses at the wrong places. ---- See also: {T57420}