[wp-trac] [WordPress Trac] #40556: REST API: Allow for server generating a user's password
WordPress Trac
noreply at wordpress.org
Thu Apr 27 14:31:00 UTC 2017
#40556: REST API: Allow for server generating a user's password
--------------------------------------+------------------------------
Reporter: TimothyBlynJacobs | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: rest-api
--------------------------------------+------------------------------
Comment (by TimothyBlynJacobs):
I think there is value in having the server generate the password, even
without returning it in the response.
When relying on the password set/reset email, the user might not get to it
quickly, or at all in some cases. The default password still needs to be
strong in the meantime. And In conjunction with #40477 to create user
accounts that don't notify the user at all. Even in those cases, the user
should have a strong password to prevent brute force attacks.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40556#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list