[wp-trac] [WordPress Trac] #27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted side-effects

WordPress Trac noreply at wordpress.org
Sat Feb 8 16:37:04 UTC 2014


#27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted
side-effects
-------------------------------------------------+-------------------------
 Reporter:  ruud@…                               |       Owner:
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Upgrade/Install                      |  Review
 Severity:  normal                               |     Version:  3.8
 Keywords:  has-patch needs-testing 2nd-opinion  |  Resolution:
                                                 |     Focuses:
-------------------------------------------------+-------------------------

Comment (by johnbillion):

 Replying to [ticket:27052 ruud@…]:
 > As mentioned by Pippin Williamson on his Apply Filters podcast (if I
 > remember correctly), having an admin user_id = 1 could potentially lead
 > to a security risk when for instance a plugin uses it the wrong way.

 If you're writing security enhancements you really need to be a little
 more certain about why you're doing it, and provide much more concrete
 details about the risk and about the enhancement your patch provides.

 Your description goes on to explain what your patch does but you don't
 explain why. I suspect I know what risk it's trying to address (blind SQL
 injection attacks on known user ID 1) but this isn't explained.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27052#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform