[wp-trac] [WordPress Trac] #881: Lengthen password field for protected posts
WordPress Trac
noreply at wordpress.org
Wed Oct 30 20:09:55 UTC 2013
#881: Lengthen password field for protected posts
------------------------------+------------------------------
Reporter: ScytheBlade1 | Owner: Nazgul
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Optimization | Version:
Severity: normal | Resolution:
Keywords: has-patch commit |
------------------------------+------------------------------
Comment (by iandunn):
+1 for lengthening the field. 20 characters isn't long enough to use
passphrases, and this is a use case where passphrases are better than
passwords because they're easier for the post author to share with the
intended readers.
I can see both sides of the argument for encrypting them. On the one hand,
we know that the user wants the keep the post a secret, and sending the
password plain-text over the network when creating and viewing makes it
vulnerable.
On the other hand, encrypting it is probably overkill for the majority of
use cases, and would lead to confusion since it's always been displayed to
the author in the past. Authors aren't likely to write it down, so they'd
have to reset it if they forgot it.
I'm leaning towards leaving it unencrypted, and letting someone write a
plugin to encrypt them for people who want that.
Attaching a refreshed patch.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/881#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list