[buddypress-trac] [BuddyPress] #2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Wed Jun 16 06:33:43 UTC 2010
#2445: Wordpress Core Ticket #13866 Allows User Impersonation in BuddyPress
----------------------+-----------------------------------------------------
Reporter: foxly | Owner:
Type: defect | Status: new
Priority: major | Milestone: 1.3
Component: XProfile | Keywords: spoof, display_name, impersonation, XProfile
----------------------+-----------------------------------------------------
Comment(by r-a-y):
Though I agree with your assessment about spoofing / phishing, I think the
current behaviour for "display_name" is the way it is because people can
have the same name (eg. John Smith).
This brings up the question of whether display names should be made less
prominent on a stock install of BP?
Let's bring up Twitter as an example. Like BP's display_name, anyone can
type anything in Twitter's "Name" field, but because it is only used on
the profile page, it is less prominent and less susceptible to spoofing.
A current workaround is to use the "BP Usernames Only" plugin. This
changes all instances of "display_name" to "user_login".
--
Ticket URL: <http://trac.buddypress.org/ticket/2445#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list