[wp-trac] [WordPress Trac] #22114: Propagating password on change

WordPress Trac wp-trac at lists.automattic.com
Sat Oct 6 22:36:51 UTC 2012


#22114: Propagating password on change
-----------------------------------------+------------------------------
 Reporter:  ChloeD                       |       Owner:
     Type:  feature request              |      Status:  new
 Priority:  normal                       |   Milestone:  Awaiting Review
Component:  Users                        |     Version:  3.4.2
 Severity:  normal                       |  Resolution:
 Keywords:  has-patch close 2nd-opinion  |
-----------------------------------------+------------------------------
Changes (by ChloeD):

 * keywords:  has-patch close => has-patch close 2nd-opinion


Comment:

 As Rob Miller (on wp-hackers) said, "any plugin could access a user's
 plaintext password even now and has always been able to, by hooking into
 `wp_login` and then examining the POST variables".

 Hence, I'd rather go for implementing it clearly, instead of doing it
 through hacks. Maybe another opinion would be useful? Instead of keeping
 stuff dirty, pushing them into the API is a better option, as whatever
 dirty or unsafe things devs will want to do, they'll be able to do no
 matter how much you restrict them from trying to do so.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22114#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list