[wp-hackers] Default User Setup
Sebastian Herp
newsletter at scytheman.net
Sun Feb 6 01:51:50 GMT 2005
Craig Hartel wrote:
> Yeah, we should let users set "abc123" or "rover" "spot" or "kitty" or
> whatever they want. Cutting and pasting is asking a lot of people, I
> agree. We could force users to create a more secure password by
> forcing mIxeD CAse and alphanumer1c but then that would be asking too
> much of the users as well.

;-) very good ...

> The first account created should be the admin account. Most people
> doing the install are, in fact, the admins. However, maybe once they
> have successfully set up the blog they are forced to create a
> non-admin account. Just don't ask people to cut and paste...it's too
> much to ask.

Yes it is. The first account would be the admin account, but should it
really be named "admin"? I mean it does make brute force attacks a lot
easier if you only have to guess the password ...

The user already has to provide a database user and password, why
shouldn't he/she provide another pair of data for the admin account?

However, if copy and paste really is too much for the average user, then
never mind ;-)

Sebbi