[wp-trac] [WordPress Trac] #33724: Save FTP Details in Database
WordPress Trac
noreply at wordpress.org
Fri Sep 4 10:57:01 UTC 2015
#33724: Save FTP Details in Database
-----------------------------+----------------------
Reporter: atomicjack | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upgrade/Install | Version: trunk
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
-----------------------------+----------------------
Changes (by TobiasBg):
* status: new => closed
* focuses: administration =>
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Thanks for your suggestion! I don't think that this is going to work,
however.
Hashed FTP passwords are rather useless, as WordPress needs the unhashed
/plain-text ones in order to open an FTP connection to the server.
Storing the plain text passwords in the DB is no good idea either, for the
security reasons that you mentioned. (For one, if someone can read wp-
config.php, he'd have access to the DB credentials anyways. Secondly, this
makes another attack vector for the FTP credentials attractive, like SQL
injection.)
If a user is bothered with entering the FTP credentials every time, he can
simply add them as constants to wp-config.php (but will have to live with
the potentially reduced security).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33724#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list