[wp-hackers] Su for WP: wp-su (Was: Possible security patch)

Steven Rossi SuperMoonMan at gmail.com
Sun Dec 6 05:09:18 UTC 2009


Sounds like a cool plugin which will certainly serve its purpose for users
that install it. The problem it might run into is that
getting-people-to-use-it part. People that know how this stuff works well
enough to realize they should be using something like this are probably
already using something like this--or at least being smart about their
usernames/passwords. Because really, something like this is definitely an
inconvenience, despite it providing valuable security. If you could get the
message of the importance of this out there, I totally support your plugin.

Steven Rossi
http://www.letsmovetothemoon.com
http://www.stevenjrossi.com
http://www.twitter.com/supermoonman

On Sat, Dec 5, 2009 at 11:55 PM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> On Sun, 06 Dec 2009 15:29:44 +1100, Ian Stewart <ian at themeshaper.com>
> wrote:
>
>> The correct solution probably is to avoid using the admin account for
>> posting. I'd argue though that most people do use the admin account for
>> posting and will continue to whether or not it is the correct solution.
>> Even if they know it's the correct solution. Just like people choose to
>> use weak passwords
>>
>
> I've been working on a plugin the past few days for that exact reason, That
> a lot of users just use an Administrative account..
>
> The idea? Wp-Su
>
> Put simply, It adds an extra line of security to WordPress, No longer do
> you have an Administrative account, You have an account with minimal
> privileges - Enough to let you write posts, edit posts, and do the majority
> of what you would do..
> But in the event that you wish to change a blog option, There's no need to
> log out and log into the admin account, Just hit the Su link, Type in the
> extra password (Which can (should) differ from your user account password),
> and all the administrative features are open (For a predetermined time,
> 5 minutes? 15, 30 minutes).
>
> I've had some people ask me flat out, What's the point. Just use an Editor
> account. OR Why? Aren't people just going to sniff the Su password as well?
>
> I came up with a simple list for that:
>  1. Users should never use accounts which have more privileges than they
> require
>  2. Users should only ever log into administrative accounts on
> computers/networks they trust 100%
>  3. Users should never use the same password for everything
>  4. Majority of keyloggers are generally only targeting User/password
> combinations
>
> How many people know of a user who doesn't follow 1-3?
> How many people know of a bank which no longer uses a username and password
> combo? And instead, Has an extra layer of security (Picture password for
> example, or SMS)? - Pretty much all of them.
>
> Currently.. My plugin is unreleased, However, will be out by the time 2.9
> ships, will require WP 2.9, and whilst the UI integration isn't as good as
> I'd like (due to WP shortcomings in filters at present), Uses an extra text
> password (instead of Pictures/phrases/whatever), and is presently mainly a
> proof of concept.
>
> Right now, The user enables the plugin, Selects which roles should have
> access to a Su environment, and selects which caps should be protected by Su
> use (ie. Plugin, Blog, Theme and User options/edits should only be done by
> Su users, However Post publishing, page editing, etc can be done by a
> "normal" user).. I'm hoping to extend that to have a short wizard which
> prompts the user to set it up properly before release however.
>
> Thoughts? Anyone want the Beta? (Email me off list please - It could do
> with some security testing before release.. Not sure I got the User Cookie
> 100% right)
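The design quoted above (an account that keeps only everyday capabilities, a separate "su password" that unlocks a chosen set of capabilities for a fixed window) can be sketched as a small WordPress plugin. What follows is an added illustration written for this archive, not Dion Hulse's wp-su code, which was unreleased when the thread was written. Every name prefixed `wpsu_example_` is an assumption made for the example, the protected-capability list is a constructed one matching the "Plugin, Blog, Theme and User" edits named in the thread, and it targets a current WordPress rather than the 2.9 release under discussion (the `user_has_cap` filter only receives the `WP_User` as its fourth argument from 3.7 on). The form that posts the su password is left out; it is an ordinary `admin-post.php` form carrying `wp_nonce_field( 'wpsu_example_elevate' )` and a hidden `action` of `wpsu_example_elevate`.

```php
<?php
/*
 * Plugin Name: wp-su example (added illustration, not the wp-su plugin from the thread)
 *
 * Model: the logged-in account is always a low-privilege one. A protected set of
 * capabilities is stripped from every capability check unless the user has
 * recently entered a separate su password, in which case the strip is skipped
 * for a fixed window. All wpsu_example_ names are assumptions for this sketch.
 */

// Constructed list of capabilities that only work while elevated. The thread
// proposes letting the site owner choose these; a fixed list keeps the sketch short.
const WPSU_EXAMPLE_PROTECTED_CAPS = array(
    'activate_plugins', 'edit_plugins', 'install_plugins', 'delete_plugins',
    'switch_themes',    'edit_themes',   'install_themes',  'delete_themes',
    'manage_options',
    'edit_users', 'create_users', 'delete_users', 'promote_users',
);

// Elevation window; 15 minutes is one of the values floated in the thread.
define( 'WPSU_EXAMPLE_WINDOW', 15 * MINUTE_IN_SECONDS );

/* Elevation state is kept server-side in user meta and bound to the session
 * token that entered the password. The client therefore cannot forge or extend
 * it, and a second login on another device does not inherit it (that login has
 * a different token). For capability checks on a user other than the current
 * one the token comparison simply fails, which is the safe direction. */
function wpsu_example_is_elevated( $user_id ) {
    $state = get_user_meta( $user_id, 'wpsu_example_elevation', true );
    if ( ! is_array( $state ) || empty( $state['until'] ) || empty( $state['token'] ) ) {
        return false;
    }
    return time() < (int) $state['until']
        && hash_equals( (string) $state['token'], (string) wp_get_session_token() );
}

// Strip protected caps unless elevated. user_has_cap sits underneath
// current_user_can(), so admin menus, admin screens, REST and XML-RPC requests
// all see the same reduced capability set.
function wpsu_example_filter_caps( $allcaps, $caps, $args, $user ) {
    if ( $user instanceof WP_User && wpsu_example_is_elevated( $user->ID ) ) {
        return $allcaps;
    }
    foreach ( WPSU_EXAMPLE_PROTECTED_CAPS as $cap ) {
        unset( $allcaps[ $cap ] );
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'wpsu_example_filter_caps', 10, 4 );

// Store the su password as a separate hash. A value equal to the login password
// is refused: that is the "can (should) differ" point from the thread, since a
// reused password gives a keylogged login credential the second layer for free.
function wpsu_example_set_su_password( $user_id, $plain ) {
    $user = get_userdata( $user_id );
    if ( ! $user || strlen( $plain ) < 12 ) {
        return false;
    }
    if ( wp_check_password( $plain, $user->user_pass ) ) {
        return false;
    }
    update_user_meta( $user_id, 'wpsu_example_su_hash', wp_hash_password( $plain ) );
    return true;
}

// admin-post.php handler for the Su form: nonce first, then the separate hash.
function wpsu_example_handle_elevate() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in.', 403 );
    }
    check_admin_referer( 'wpsu_example_elevate' );
    $user_id = get_current_user_id();
    $hash    = (string) get_user_meta( $user_id, 'wpsu_example_su_hash', true );
    $given   = isset( $_POST['wpsu_example_password'] )
        ? (string) wp_unslash( $_POST['wpsu_example_password'] ) : '';

    // No su password configured counts as a failure: never fall open.
    if ( '' === $hash || '' === $given || ! wp_check_password( $given, $hash ) ) {
        do_action( 'wpsu_example_failed', $user_id ); // assumed hook for logging / lockout
        wp_die( 'Su password incorrect.', 403 );
    }
    update_user_meta( $user_id, 'wpsu_example_elevation', array(
        'until' => time() + WPSU_EXAMPLE_WINDOW,
        'token' => wp_get_session_token(),
    ) );
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}
add_action( 'admin_post_wpsu_example_elevate', 'wpsu_example_handle_elevate' );

// End the window early: called from a "leave su" action and on logout, so an
// elevated session is not left open for the rest of the window.
function wpsu_example_drop( $user_id = 0 ) {
    $user_id = $user_id ? $user_id : get_current_user_id();
    delete_user_meta( $user_id, 'wpsu_example_elevation' );
}
add_action( 'wp_logout', 'wpsu_example_drop' );
```

Two design choices answer the objections quoted in the thread. Keeping the elevation record in user meta rather than in a cookie addresses the "not sure I got the User Cookie 100% right" worry: the browser never holds anything that, if copied, would grant the window. And binding the record to the session token plus a short expiry limits what a captured login credential buys on its own, which is the keylogger point in item 4 of the list; the su password still has to be entered, and entered from the same session, before the protected capabilities reappear.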

