[wp-trac] [WordPress Trac] #22114: Propagating password on change
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 6 22:36:51 UTC 2012
#22114: Propagating password on change
-----------------------------------------+------------------------------
Reporter: ChloeD | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 3.4.2
Severity: normal | Resolution:
Keywords: has-patch close 2nd-opinion |
-----------------------------------------+------------------------------
Changes (by ChloeD):
* keywords: has-patch close => has-patch close 2nd-opinion
Comment:
As Rob Miller (on wp-hackers) said, "any plugin could access a user's
plaintext password even now and has always been able to, by hooking into
`wp_login` and then examining the POST variables".
Hence, I'd rather go for implementing it clearly, instead of doing it
through hacks. Maybe another opinion would be useful? Instead of keeping
stuff dirty, pushing them into the API is a better option, as whatever
dirty or unsafe things devs will want to do, they'll be able to do no
matter how much you restrict them from trying to do so.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22114#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list