[wp-trac] [WordPress Trac] #11454: Add suffix to table prefix on installation
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 18 20:54:14 UTC 2009
#11454: Add suffix to table prefix on installation
-------------------------+--------------------------------------------------
Reporter: micasuh | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Keywords: table_prefix, table prefix, sql injection, vulnerability
-------------------------+--------------------------------------------------
Comment(by micasuh):
Replying to [comment:4 Denis-de-Bernardy]:
> I'm pretty sure that 12_wp_3xyz actually is invalid. (It starts with a
> digit.)
Oops, oversight on the starting digit. You're right, that was a poor
example. I was just trying to demonstrate a non-standard prefix that is
much less likely to be discovered by any bot.
> I also honestly doubt that a bot would bother trying to find the prefix
> if wp_ doesn't work out of the box. Plus, you'd need it to work with the
> CPanel installer for the idea to be of any use.
I'm sure you're right about how a bot would give up on default. It depends
on how badly someone wants to make this happen. Given that it's super easy
for a bot to append more characters to an attack, I think this is a
reasonable measure of security to add regardless.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11454#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software