[wp-trac] [WordPress Trac] #11813: Post password stored as plaintext

WordPress Trac wp-trac at lists.automattic.com
Mon Sep 17 14:34:04 UTC 2012


#11813: Post password stored as plaintext
---------------------------+-----------------------------
 Reporter:  ericmann       |       Owner:  ryan
     Type:  defect (bug)   |      Status:  new
 Priority:  normal         |   Milestone:  Future Release
Component:  Security       |     Version:  2.9.1
 Severity:  normal         |  Resolution:
 Keywords:  post-password  |
---------------------------+-----------------------------

Comment (by ericmann):

 Replying to [comment:4 nacin]:
 > Perhaps we can block post passwords if when hashed it is the same as
 their user password...

 That would be an excellent short-term solution that would increase
 security (protect users from themselves, really).  But I'm still somewhat
 uncomfortable storing anything that resembles a password in plaintext.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11813#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list