[wp-hackers] Credential Storage

Brian Layman wp-hackers at thecodecave.com
Sun Jan 30 22:25:23 UTC 2011

I have a plugin that integrates WordPress with a blogger's Ning 
community. It provides some user credential synchronization and basic 
status updating.

The project main feature is that the same username and password grants 
access to both the WordPress and Ning applications.  I've been planning 
to add this plugin to the WP.org repository for two years now.  One of 
the areas that has always concerned me and what is preventing me from 
sharing this code is the handling of the credentials.

When working with a single login system, you have the advantages of 
using a one way hash.  When your code needs to login to another system 
not built to provide tokens et al, you obviously don't have that 
advantage.  So, what would you recommend? I mean is there anything that 
I can do that would provide a decent level of security that will prevent 
people using this plugin as a harvesting tool for abusive actions?   If 
there isn't then maybe this a tool that is best not shared?  Should I 
make it a premium plugin so that people feel that there is a record 
associated with it?

Lots of people have asked for a WordPress/Ning Bridge, I just don't want 
to make it easy for people to abuse the feature. So rot13 is not the way 
to go, but is anything else really any better?

Brian Layman
Managed WordPress Hosting

More information about the wp-hackers mailing list