[wp-trac] Re: [WordPress Trac] #6413: Add custom prefix to cookie-names
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 27 09:41:11 GMT 2008
#6413: Add custom prefix to cookie-names
-------------------------+--------------------------------------------------
Reporter: webrocker | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by Webrocker):
Replying to [comment:2 westi]:
> Giving away the db prefix in the cookie name sounds like bad security fu
> to me.
>
> You would be giving a hacker extra information about your blog.
Hi, thanks for the fast response.

Yes, giving away the prefix that's used for the db-tables is indeed a bad
idea, and adding another prefix-option in wp-config for the cookies will
most likely result in users choosing the same prefix for both.

I'm not sure how the exploit works, but DD32's comments make sense to me.

Thanks again
--
Ticket URL: <http://trac.wordpress.org/ticket/6413#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software