[wp-trac] [WordPress Trac] #11813: Post password stored as plaintext
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 17 14:34:04 UTC 2012
#11813: Post password stored as plaintext
---------------------------+-----------------------------
Reporter: ericmann | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 2.9.1
Severity: normal | Resolution:
Keywords: post-password |
---------------------------+-----------------------------
Comment (by ericmann):
Replying to [comment:4 nacin]:
> Perhaps we can block post passwords if when hashed it is the same as
their user password...
That would be an excellent short-term solution that would increase
security (protect users from themselves, really). But I'm still somewhat
uncomfortable storing anything that resembles a password in plaintext.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11813#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list