[wp-trac] Re: [WordPress Trac] #3316: Protected post password is
plain text in cookie
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 27 19:06:27 GMT 2009
#3316: Protected post password is plain text in cookie
--------------------------+-------------------------------------------------
Reporter: dosa | Owner: anonymous
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 2.8
Component: Security | Version: 2.1
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Changes (by nbachiyski):
* status: closed => reopened
* resolution: wontfix =>
* milestone: => 2.8
Comment:
The cost of hashing it is so low that it would be stupid not to do it.
The gain isn't much, but hashing it is worth it even for saving one poor
man, who put his e-mail password there and had his cookies stolen due to
an XSS (a common thing these days).
--
Ticket URL: <http://trac.wordpress.org/ticket/3316#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list