[wp-hackers] Wordpress User Authentication
Alex
nessence at gmail.com
Fri Jun 18 19:16:23 UTC 2004
I'd be curious if there was an API hook for this (I don't see one).
It'd be nice to be able to include one PHP file from WP that had API
access. So, you could run a function like
check_user_auth($user, $pass);
within a seperate non-WP script. This increases exposure of the
scripts to exploit, so might be done carefully. (Mainly for shared
hosting...if the script was able to be read/executed by another user -
eg, a shard apache1.3 hosting environment, then it could be brute
forced).
Such a feature would be best disabled by default. Or, have some type
of key issuance for remote scripts. Similar to amazon or google's
APIs. You are given a randomly generated key, and you put that in your
scripts. Otherwise, your [external] scripts can't utilize the API.
Just a few ideas there.
Alex
----- Original Message -----
From: Brian Groce <wp at briangroce.com>
Date: Fri, 18 Jun 2004 14:03:25 -0500
Subject: [wp-hackers] Wordpress User Authentication
To: hackers at wordpress.org
Have any of you used the Wordpress user
authentication either outside of Wordpress and/or on other Wordpress
blogs on the same server?
What I'm wanting to do is create a single-signon for both of these
scenarios...one table of users, not multiple tables for each area.
Separate tables for the rest of the data is fine.
This is somewhat similar to "multiple blogs", but with the
addition of being able to protect other non-blog areas (for example a
calendar).
Anyway, just throwing this out there to see if anyone else is doing this
sort of thing before I go and try to hack away at it.
Thanks,
Brian
http://briangroce.com
noname - 1K Download
More information about the hackers
mailing list