[wp-hackers] Plugin update & security / privacy - Data sent

Omry Yadan omry at yadan.net
Sun Sep 23 13:40:45 GMT 2007

You confused me a bit with the suggestion to add plugin information.

in this case, I agree that sending md5 of the url is a step in the right 

in all truth, I don't see why the client even NEED to send it's version. 
it can be nice for statistics purpose, but  nothing more..

it can just as easily be implemented by requesting the latest version 
number from the server and comparing it to the current version.

but as you said, it's probably already too late for this.

I think it's a shame that the concerns raised in this mailing list in 
past few weeks about this were ignored.

Moritz 'Morty' Strübe wrote:

> Omry, although I do agree with you, I'm not sure whether you understand
> the situation. We are not discussing what we - in this case they, as I
> am not a core-dev and I think neither are you - should do or what is the
> best way to solve this problem. The code is there and tested. The
> release is Monday, tomorrow. There will be _no_ changes is the way it
> works. The only thing that might happen, is that the URL get's wrapped
> in a md5 or better not transmitted at all.
> Cheers
> Morty

More information about the wp-hackers mailing list