[wp-hackers] Maybe a secure-hole
Frank Bueltge
frank at bueltge.de
Thu Oct 9 10:57:48 GMT 2008
Yes, this is easy.
My users like this link, in many Blogs and Themes is this essential.
I think this is a problem in the function the_author_posts_link()
Maybe use md5 or name+surname etc for the url.
On Thu, Oct 9, 2008 at 12:40 PM, scribu <scribu at gmail.com> wrote:
> You can easily remove that link from your theme files (single.php et
> co). No need to change anything in WordPress itself.
>
> On Thu, Oct 9, 2008 at 11:25 AM, Frank Bueltge <frank at bueltge.de> wrote:
>> When you include a link to the authro and activate the permalink, then
>> you became a link to the login-name of the author.
>> This is a secure-hole. Hackers use this login-namer and searc h for
>> the password.
>>
>> examble:
>> <a href="http://localhost/wpbeta/author/admin/" title="Posts by Frank
>> Bueltge">Frank Bueltge</a>
>>
>> Link to:
>> http://localhost/wpbeta/author/admin/
>>
>> admin is the login-name and the author had set the name in the Blog on
>> your namen and surename.
>>
>> maybe it is possible to cahnge this in 2.7?
>>
>> * Sorry for my bad english, i hope your understand me.
>> Best wishes
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
>
> --
> http://scribu.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list