[buddypress-trac] [BuddyPress] #2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Wed Jun 16 06:33:43 UTC 2010

#2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
 Reporter:  foxly     |       Owner:                                              
     Type:  defect    |      Status:  new                                         
 Priority:  major     |   Milestone:  1.3                                         
Component:  XProfile  |    Keywords:  spoof, display_name, impersonation, XProfile

Comment(by r-a-y):

 Though I agree with your assessment about spoofing / phishing, I think the
 current behaviour for "display_name" is the way it is because people can
 have the same name (eg. John Smith).

 This brings up the question of whether display names should be made less
 prominent on a stock install of BP?

 Let's bring up Twitter as an example.  Like BP's display_name, anyone can
 type anything in Twitter's "Name" field, but because it is only used on
 the profile page, it is less prominent and less susceptible to spoofing.

 A current workaround is to use the "BP Usernames Only" plugin.  This
 changes all instances of "display_name" to "user_login".

Ticket URL: <http://trac.buddypress.org/ticket/2445#comment:1>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list