[wp-trac] [WordPress Trac] #17830: [patch] The extension mechanisms related to hashing and storing passwords could be improved (was: The extension mechanisms related to hashing and storing passwords could be improved)
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 18 16:28:53 UTC 2011
#17830: [patch] The extension mechanisms related to hashing and storing passwords
could be improved
-------------------------+----------------------
Reporter: monperrus | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution: invalid
Keywords: |
-------------------------+----------------------
Changes (by monperrus):
* cc: monperrus (added)
Comment:
> http://code.trac.wordpress.org/browser/mod_auth_mysql
unless I miss something, this only supports HTTP Basic and not HTTP Digest
(unless AuthMySQLPasswordField is in digest format which is equivalent to
what I am discussing here).
> You are able to replace wp_hash_password().
That's right, but this is not sufficient for the digest format, because
the HTTP digest hash takes into account the username and
wp_hash_password() just receives the password.
I attach a tentative patch to wp-includes/user.php to explain what I mean.
Basically, instead of relying on wp_hash_password for creating and
updating users, it relies on the encapsulation provided by
wp_set_password.
Regards,
--Martin
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17830#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list