[wp-trac] [WordPress Trac] #31535: Shiny Updates: Store FTP Credentials
WordPress Trac
noreply at wordpress.org
Mon Jun 15 05:03:43 UTC 2015
#31535: Shiny Updates: Store FTP Credentials
-----------------------------+---------------------------------------------
Reporter: pento | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: Future Release
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: shiny-updates | Focuses: ui, javascript, administration
-----------------------------+---------------------------------------------
Comment (by dd32):
For the record, my opinion here is that we shouldn't store the password in
`wp-config.php` or database. My primary concern is that many systems that
require FTP are running with PHP as a shared user. Combine that with `wp-
config.php` having world-readable permissions by default and it's a fast
way to compromise all installs on the server.
I believe hosts will continue to make life easier for their customers by
not requiring ftp in the first place..
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31535#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list