[wp-hackers] [Patch] Propagating password change in an action

Rob Miller rob at bigfish.co.uk
Sat Oct 6 20:47:05 UTC 2012


On 6 Oct 2012, at 21:00, Nathaniel Taintor <goldenapplesdesign at gmail.com> wrote:

> I'm going to guess that the potential for evil this patch would introduce,
> if it were in core, outweighs any possible usefulness.
> 
> I, for one, would not want plugins to be able to access user's plaintext
> passwords.

This argument is a bit silly — any plugin could access a user's plaintext password even now and has always been able to, by hooking into `wp_login` and then examining the POST variables.

You're installing a plugin — inexorably and by its very nature, it's going to have the power to do things like that.


--

Rob Miller
Head of Digital

big fish®
11 Chelsea Wharf
15 Lots Road
London
SW10 0QJ
 
Office number: +44 (0)20 7795 0075
Direct number: +44 (0)20 7376 6799

www.bigfish.co.uk



More information about the wp-hackers mailing list