[wp-trac] [WordPress Trac] #11454: Add suffix to table prefix on installation
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 16 21:02:35 UTC 2009
#11454: Add suffix to table prefix on installation
-------------------------+--------------------------------------------------
Reporter: micasuh | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Keywords: table_prefix, table prefix, sql injection, vulnerability
-------------------------+--------------------------------------------------
Comment(by micasuh):
Having thought about this, I think it would always make more sense to be
either really long or completely random. A bot could easily break a table
that was a defined number of characters as my first example.
So what is now
{{{
table_prefix = wp_
}}}
could be
{{{
table_prefix = xyz_wp_123_
}}}
or
{{{
table_prefix = 12_wp_3xyz_
}}}
The more random this prefix is, the less likely an attack could be
successful.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11454#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list