[wp-trac] Re: [WordPress Trac] #6413: Add custom prefix to cookie-names
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 27 08:56:57 GMT 2008
#6413: Add custom prefix to cookie-names
-------------------------+--------------------------------------------------
Reporter: webrocker | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Changes (by westi):
* severity: major => normal
Comment:
Giving away the db prefix in the cookie name sounds like bad security fu
to me.

You would be giving a hacker extra information about your blog.

The cookie names are already based on the site url - we could maybe change
this from a straight md5 of the site url to something less deterministic.

We do already allow you to define your own cookie names in wp-config.php
if you want:
http://trac.wordpress.org/browser/trunk/wp-settings.php#L269
--
Ticket URL: <http://trac.wordpress.org/ticket/6413#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
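
The difference between a straight md5 of the site URL and a keyed, less deterministic suffix, as an added example that is not part of the original message and not WordPress core code. The function names, site URL and secret are hypothetical; the `COOKIEHASH` constant name comes from WordPress's wp-settings.php rather than from this message, so check the linked file for your version.

```php
<?php
// Added example, not WordPress core code. The site URL and secret are constructed values.

// Current behaviour per the comment: a straight md5 of the site URL.
function default_cookie_hash(string $siteurl): string
{
    return md5($siteurl);
}

// Hypothetical alternative: key the hash with a per-install secret so the
// suffix cannot be derived from the public URL alone. Truncated to 32 hex
// characters to keep the same length as an md5 digest.
function keyed_cookie_hash(string $siteurl, string $secret): string
{
    return substr(hash_hmac('sha256', $siteurl, $secret), 0, 32);
}

$siteurl = 'http://blog.example.com';              // constructed
$secret  = 'constructed-per-install-random-value'; // constructed; generate your own

// Anyone who knows the site URL can reproduce the default name offline.
$default  = 'wordpress_' . default_cookie_hash($siteurl);
$observer = 'wordpress_' . md5('http://blog.example.com');
printf("default: %s\n", $default);
printf("derivable from URL alone: %s\n", $default === $observer ? 'yes' : 'no');

// The keyed name is stable for the install but differs from the md5 form.
$keyed = 'wordpress_' . keyed_cookie_hash($siteurl, $secret);
printf("keyed:   %s\n", $keyed);
printf("derivable from URL alone: %s\n", $keyed === $observer ? 'yes' : 'no');

// In wp-config.php the override would be a plain constant, e.g.:
//   define('COOKIEHASH', '<output of keyed_cookie_hash() for this install>');
```

The keyed name is still visible to any browser that receives the cookie, so it removes only the URL-to-name derivation and should not be treated as a secret.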