[wp-hackers] Credential Storage
Brian Layman
wp-hackers at thecodecave.com
Sun Jan 30 22:25:23 UTC 2011

I have a plugin that integrates WordPress with a blogger's Ning
community. It provides some user credential synchronization and basic
status updating.

The project's main feature is that the same username and password grants
access to both the WordPress and Ning applications. I've been planning
to add this plugin to the WP.org repository for two years now. One of
the areas that has always concerned me and what is preventing me from
sharing this code is the handling of the credentials.

When working with a single login system, you have the advantages of
using a one-way hash. When your code needs to log in to another system
not built to provide tokens et al, you obviously don't have that
advantage. So, what would you recommend? I mean, is there anything that
I can do that would provide a decent level of security that will prevent
people using this plugin as a harvesting tool for abusive actions? If
there isn't, then maybe this is a tool that is best not shared? Should I
make it a premium plugin so that people feel that there is a record
associated with it?

Lots of people have asked for a WordPress/Ning Bridge, I just don't want
to make it easy for people to abuse the feature. So rot13 is not the way
to go, but is anything else really any better?

--
Brian Layman
http://eHermitsInc.com
Managed WordPress Hosting
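
The trade-off raised in the post, as an added example that is not part of the original message or the plugin: a one-way hash can only verify a login, rot13 is reversible by anyone who reads the stored value, and keyed authenticated encryption is reversible only with a key held outside the database. All function names and sample values are hypothetical, and PHP 7.2+ with the bundled sodium extension is assumed.

```php
<?php
declare(strict_types=1);
// Added illustration; function names and sample values are hypothetical.

// One-way: enough to verify a WordPress login, useless for logging in to Ning.
function store_for_local_login(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Keyless encoding: whoever reads the stored row recovers the password.
function store_rot13(string $password): string {
    return str_rot13($password);
}

// Keyed and reversible: authenticated encryption (libsodium secretbox).
// $key must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES long and is assumed to live
// outside the database (for example in a config file the web server can read).
function seal_remote_credential(string $password, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($password, $nonce, $key));
}

// Returns the password, or null if the value is malformed, tampered with,
// or was sealed under a different key.
function open_remote_credential(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed sample values for the demonstration.
$key      = sodium_crypto_secretbox_keygen();
$password = 'constructed-sample-password';

var_dump(password_verify($password, store_for_local_login($password))); // hash verifies only
var_dump(str_rot13(store_rot13($password)) === $password);              // rot13 undone with no key
$sealed = seal_remote_credential($password, $key);
var_dump(open_remote_credential($sealed, $key) === $password);          // right key recovers it
var_dump(open_remote_credential($sealed, sodium_crypto_secretbox_keygen())); // wrong key is rejected
```

Anyone who holds the key, including code running in the same PHP process, can still decrypt, so this limits exposure from a leaked database rather than from whoever operates the plugin.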