[wp-hackers] Plugin update & security / privacy

Mark Jaquith mark.wordpress at txfx.net
Mon Sep 24 05:21:28 GMT 2007


On Sep 24, 2007, at 12:59 AM, Matt Mullenweg wrote:

> URLs are useful unique identifiers and in my opinion the best one  
> to use on the web. You can normalize them, organize them by domains  
> and subdomains, look for odd characters or paths, create stats by  
> TLDs, map them to hosting providers, use them as a basis for a  
> crawl, and associate them with WordPress.org profiles. MD5s are  
> unique, but don't have a lot of value beyond that, and even a  
> capitalization or trailing slash change will change the whole MD5.  
> There are also things I think we haven't imagined yet that could  
> make URLs useful. Maybe a .org toolbar that ties into your .org  
> profile and makes it easy to manage multiple blogs and tie them  
> together. If by the time 2.5 comes around we're still not doing  
> anything useful with it then we can re-examine it.
>
> I don't think an MD5 would be significantly more anonymous either.  
> Anyone with a list of URLs could associate the md5 with a URL just  
> by pre-computing the URL MD5s and comparing. So they would be  
> different, but not really better. You'd have to add a salt of some  
> kind. We're hours from the release arguing about a bikeshed that  
> was checked in over a month ago.

wp_hash() uses an unchanging salt (set once in the database and not  
updated by WordPress ever).  So wp_hash('update-check') will remain  
constant for the life of the blog.  The uses of a URL identifier you  
mention are interesting -- though none seem "killer," and some of  
those uses should probably be "opt-in."

--
Mark Jaquith
http://markjaquith.com/

Covered Web Services
http://coveredwebservices.com/

WordPress Ninja @ b5media Inc
http://b5media.com/
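
The two identifier schemes compared in this thread, as an added Python example that is not code from the thread or from WordPress. It assumes wp_hash() can be modelled as HMAC-MD5 keyed with a per-site secret; the helper names, URLs and secret are constructed for illustration.

```python
import hashlib
import hmac


def url_md5(url: str) -> str:
    """Unsalted identifier: plain MD5 of the blog URL."""
    return hashlib.md5(url.encode("utf-8")).hexdigest()


def salted_id(site_secret: bytes, label: str = "update-check") -> str:
    """Stand-in for wp_hash(label): HMAC-MD5 keyed with a per-site secret.
    The construction is an assumption, not copied from WordPress."""
    return hmac.new(site_secret, label.encode("utf-8"), hashlib.md5).hexdigest()


def link_ids_to_urls(observed_ids, candidate_urls, id_fn):
    """Precompute id_fn over a URL list and match it against observed IDs."""
    table = {id_fn(u): u for u in candidate_urls}
    return {i: table[i] for i in observed_ids if i in table}


# Constructed sample data (not real sites or secrets).
CANDIDATES = ["http://example.com/", "http://blog.example.org/",
              "http://example.net/wp/"]
SITE_URL = "http://blog.example.org/"
SITE_SECRET = b"constructed-per-site-secret"
OTHER_SECRET = b"constructed-secret-of-another-site"


def demo():
    unsalted = url_md5(SITE_URL)
    salted = salted_id(SITE_SECRET)
    return {
        # A plain MD5 of the URL is recovered from a list of known URLs.
        "unsalted_linked": link_ids_to_urls([unsalted], CANDIDATES, url_md5),
        # The salted ID matches nothing computable without the site's secret.
        "salted_linked": link_ids_to_urls([salted], CANDIDATES, url_md5),
        # Same secret gives the same ID for the life of the blog.
        "salted_stable": salted == salted_id(SITE_SECRET),
        # Different sites still get different IDs.
        "salted_unique": salted != salted_id(OTHER_SECRET),
        # Trailing slash or capitalization changes the whole unsalted MD5.
        "slash_changes_md5": unsalted != url_md5(SITE_URL.rstrip("/")),
        "case_changes_md5": unsalted != url_md5("http://Blog.Example.org/"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```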
