[wp-hackers] Default User Setup

Sebastian Herp newsletter at scytheman.net
Sun Feb 6 01:51:50 GMT 2005


Craig Hartel wrote:

> Yeah, we should let users set "abc123" or "rover" "spot" or "kitty" or 
> whatever they want. Cutting and pasting is asking a lot of people, I 
> agree. We could force users to create a more secure password by 
> forcing mIxeD CAse and alphanumer1c but then that would be asking too 
> much of the users as well.

;-) very good ...

> The first account created should be the admin account. Most people 
> doing the install are, in fact, the admins. However, maybe once they 
> have successfully set up the blog they are forced to create a 
> non-admin account. Just don't ask people to cut and paste...it's too 
> much to ask.

Yes it is. The first account would be the admin account, but should it 
really be named "admin"? I mean it does make brute force attacks a lot 
easier if you only have to guess the password ...

The user already has to provide a database user and password, why 
shouldn't he/she provide another pair of data for the admin account? 
However, if copy and paste really is too much for the average user, then 
never mind ;-)

Sebbi

