[wp-trac] [WordPress Trac] #21517: Password protected posts have too long lifespan

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 8 07:21:06 UTC 2012


#21517: Password protected posts have too long lifespan
--------------------------+-----------------------------
 Reporter:  Clorith       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.4.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 When creating a password protected post the access permissions are stored
 with cookies using wp-pass.php which defaults to 10 days.

 This is too long of a lifetime for a protected page as subsequent visits
 within that timeframe allows anyone access to the protected content.

 Ideally this should be a user definable value, either set per post, or on
 a global level for that WP instance.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21517>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list