[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Nov 7 22:03:55 UTC 2012
#21022: Allow bcrypt to be enabled via filter for pass hashing
------------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: dev-feedback has-patch |
------------------------------------+------------------------------
Comment (by ryanhellyer):
Replying to [comment:20 harrym]:
> Surely this risk is minute? You'd have to move from a server running
5.3.x to one running 5.2.x. And it's trivially solvable by changing your
password.
I run a few sites with many thousands of logged in users. Forcing them to
all upgrade their passwords at once would be quite problematic. It's
fairly unlikely we'd ever downgrade the server during a move like that of
course, but you never know what sort of weird things people might do
without realising the ramifications until afterwards.
> What's involved in increasing the requirement from 5.2 to 5.3? That
feels non-trivial.
That's more of a political question I guess. Changing it is physically
trivial, but judging by how hard it was to move from PHP 4 to 5.2 I'm
guessing having the requirements change will not be so trivial.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21022#comment:21>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list