[wp-trac] [WordPress Trac] #11813: Post password stored as plaintext
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 17 14:40:24 UTC 2012
#11813: Post password stored as plaintext
---------------------------+-----------------------------
Reporter: ericmann | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 2.9.1
Severity: normal | Resolution:
Keywords: post-password |
---------------------------+-----------------------------
Comment (by nacin):
It's something that is designed to be shared, so storing it hashed is
pretty much a no-go. People will need to refer to it, change it, etc.
There is a reason why we store it in a type=text field, rather than
type=password. That alone should probably scare most people away from
entering a full password.
Perhaps calling it something other than a "password" would also help, but
that ship has sailed.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11813#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list