[wp-trac] [WordPress Trac] #21022: Allow bcrypt to be enabled via filter for pass hashing
WordPress Trac
noreply at wordpress.org
Wed Oct 7 23:39:58 UTC 2015
#21022: Allow bcrypt to be enabled via filter for pass hashing
-----------------------------------+------------------------------
Reporter: th23 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: 2nd-opinion has-patch | Focuses:
-----------------------------------+------------------------------
Comment (by toscho):
Replying to [comment:52 mark8barnes]:
> That's not the worry. The worry is that if this is enabled for PHP 5.5+,
then someone downgrades from PHP 5.5 to PHP 5.3, then bcrypt will no
longer work, and people won't be able to log-in without resetting their
passwords.
One very exotic and unlikely use case cannot be a reason to lower the
security for everyone.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21022#comment:57>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list