[wp-trac] [WordPress Trac] #21517: Password protected posts have too long lifespan
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 8 07:21:06 UTC 2012
#21517: Password protected posts have too long lifespan
--------------------------+-----------------------------
Reporter: Clorith | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4.1
Severity: normal | Keywords:
--------------------------+-----------------------------
When creating a password protected post the access permissions are stored
with cookies using wp-pass.php which defaults to 10 days.
This is too long of a lifetime for a protected page as subsequent visits
within that timeframe allows anyone access to the protected content.
Ideally this should be a user definable value, either set per post, or on
a global level for that WP instance.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21517>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list