[wp-hackers] Security: username as class in comments

g30rg3_x g30rg3x at gmail.com
Wed Mar 11 14:54:20 GMT 2009


Hi Frank,

It actually does not show the login-name/user_login; it uses the
user_nicename for populating the class. This value is just a filtered
version of the login-name/user_login.

This value can be changed separately (directly from the DB, or you can
code yourself a plugin for DIY), so you can still hide that information
from the public, and of course you will solve the /author/<login>
permalink structure disclosure which scribu mentions.

There are some more tricks to avoid disclosing the user_login, but as
other people say, security through obscurity is not security, but at
least it will delay those moth********... oohh well you get my point
;).

Regards

2009/3/10 Frank Bueltge <frank at bueltge.de>:
> Thanks for your answers.
> Yes, I know about the old discussions on this theme.
>
> I think at ir also the same problem and we write us a plugin for rewrite
> this username to md5-code.
> The login-name is often a secret, a personal syntax of users and she will not
> publish this.
>
> Thanks for reading my bad English
> Frank
>
> http://bueltge.de/
> http://wpengineer.com/



-- 
             g30rg3_x
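
The relationship described in this message, as an added audit example (not part of the original email and not WordPress code): given exported `user_login` / `user_nicename` pairs, it reports which accounts still expose the login through the comment class and the `/author/` permalink. The `approx_nicename` filter is a simplified assumption standing in for WordPress's own slug filter, and the sample rows are constructed.

```python
import re

def approx_nicename(user_login):
    """Simplified stand-in for WordPress's slug filter (assumption):
    lowercase, turn runs of other characters into '-', trim '-'."""
    slug = re.sub(r"[^a-z0-9_-]+", "-", user_login.lower())
    return re.sub(r"-{2,}", "-", slug).strip("-")

def classify(user_login, user_nicename):
    """How much of the login can be read back from the public nicename."""
    if user_nicename.lower() == user_login.lower():
        return "exact"      # public value is the login itself
    if user_nicename == approx_nicename(user_login):
        return "derived"    # filtered login, still a strong hint
    return "decoupled"      # nicename was changed separately

def audit(rows):
    """rows: iterable of (ID, user_login, user_nicename) from wp_users."""
    findings = []
    for user_id, login, nicename in rows:
        findings.append({
            "id": user_id,
            "status": classify(login, nicename),
            # Public places where the nicename appears.
            "comment_class": "comment-author-" + nicename,
            "author_path": "/author/" + nicename + "/",
        })
    return findings

# Constructed sample rows, not taken from any real site.
SAMPLE_ROWS = [
    (1, "admin", "admin"),
    (2, "J.Doe", "j-doe"),
    (3, "editor_jane", "jane-writes"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ROWS):
        print(f["id"], f["status"], f["comment_class"], f["author_path"])
```

Accounts reported as "exact" or "derived" are the ones where changing `user_nicename` separately, as the message suggests, would stop the public markup from hinting at the login.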

