[wp-trac] [WordPress Trac] #11454: Add suffix to table prefix on installation
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 4 23:02:44 UTC 2010
#11454: Add suffix to table prefix on installation
--------------------------------------+-------------------------------------
Reporter: micasuh | Owner: ryan
Type: enhancement | Status: closed
Priority: high | Milestone:
Component: Security | Version: 2.9
Severity: normal | Resolution: wontfix
Keywords: needs-patch dev-feedback |
--------------------------------------+-------------------------------------
Comment(by micasuh):
Replying to [comment:15 Denis-de-Bernardy]:
> Replying to [comment:13 novasource]:
> > Seems like the right solution is for WordPress to be designed for
> > security.
>
> Yes, and security by obscurity is not good security. The right solution
> is for WP to be designed in such a way that knowing the prefix is useless.

I know with Dreamhost, for example, when the 1-click installer is used, a
random prefix is always inserted. Why can't this be the case for manual
installations by default? It's silly to assume everyone uses a 1-click
installer for WordPress.

This seems like a known vulnerability that WP devs are purposely going to
avoid fixing, and it'll be sad if the day comes that this vulnerability is
exploited on a mass scale.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11454#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software