[wp-hackers] [Patch] Propagating password change in an action
Rob Miller
rob at bigfish.co.uk
Sat Oct 6 20:47:05 UTC 2012
On 6 Oct 2012, at 21:00, Nathaniel Taintor <goldenapplesdesign at gmail.com> wrote:
> I'm going to guess that the potential for evil this patch would introduce,
> if it were in core, outweighs any possible usefulness.
>
> I, for one, would not want plugins to be able to access user's plaintext
> passwords.
This argument is a bit silly — any plugin could access a user's plaintext password even now and has always been able to, by hooking into `wp_login` and then examining the POST variables.
You're installing a plugin — inexorably and by its very nature, it's going to have the power to do things like that.
--
Rob Miller
Head of Digital
big fish®
11 Chelsea Wharf
15 Lots Road
London
SW10 0QJ
Office number: +44 (0)20 7795 0075
Direct number: +44 (0)20 7376 6799
www.bigfish.co.uk
More information about the wp-hackers
mailing list