[wp-hackers] Possible security patch

Ian Stewart ian at themeshaper.com
Sun Dec 6 04:29:44 UTC 2009


What I'm proposing would be using an alternate sanitized name in both the
body_class AND the author URLs. The correct solution probably is to avoid
using the admin account for posting. I'd argue though that most people do
use the admin account for posting and will continue to whether or not it is
the correct solution. Even if they know it's the correct solution. Just like
people choose to use weak passwords, leave their plugins and themes and
copies of WordPress out of date and do countless other things that aren't
correct.

That said, I hadn't heard of the user switching plugin before. Thanks for
that. That'll make doing the correct thing a lot easier. Cheers.

On Sat, Dec 5, 2009 at 2:31 PM, Steven Rossi <SuperMoonMan at gmail.com> wrote:

> Yeah, I think the User Switching plugin would be a nice feature to have
> built-in, but consider how often you use it on your OS. It's really a breeze
> to use a non-administrator account on a PC (it's easier on a Mac, but less
> relevant because of less threat) and to switch to an administrator account
> when necessary, whether through Fast User Switching or the Run As...
> right-click function (if that still exists past XP, I'm not sure), but who
> actually does that? Too inconvenient. I'm just not sure having that
> functionality included in WordPress would be much more than a "nice
> feature."
>
> Steven Rossi
> http://www.letsmovetothemoon.com
> http://www.stevenjrossi.com
> http://www.twitter.com/supermoonman
>
> On Sat, Dec 5, 2009 at 3:12 PM, Matt Mullenweg <m at mullenweg.com> wrote:
>
> > On 2009-12-05 11:45 AM, Joost de Valk wrote:
> >
> >> Can I vote for rolling the user switching plugin into core?
> >>
> >
> > You can, but it doesn't have anything to do with security.
> >
> >
> > --
> > Matt Mullenweg
> > http://ma.tt | http://wordpress.org | http://automattic.com
> >



-- 
Ian Stewart

http://ThemeShaper.com/
http://twitter.com/iandstewart/
http://ianstewart.stumbleupon.com/

