[wp-trac] [WordPress Trac] #7673: why add global groups in wp?
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 3 10:05:40 GMT 2008
#7673: why add global groups in wp?
-----------------------+----------------------------------------------------
Reporter: tmcookies | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.6.2
Component: Security | Version:
Severity: major | Keywords:
-----------------------+----------------------------------------------------
wp-settings.php adds the following global groups to the cache object:
users, userlogins and usermeta. This means, that all the userlogins are
saved at the same spot for different wp-installations on one server
resulting in a leakage. I think this setting only makes sense in wpmu, but
not in normal wp, since user data isn't global across multiple wp-
installations.
--
Ticket URL: <http://trac.wordpress.org/ticket/7673>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list