[wpmu-trac] [WordPress MU Trac] #208: Patch for increasing the
security level of storing the double hash password in cookie
WordPress MU Trac
wpmu-trac at lists.automattic.com
Tue Dec 5 02:31:21 GMT 2006
#208: Patch for increasing the security level of storing the double hash password
in cookie
-------------------------+--------------------------------------------------
Reporter: chengtleman | Owner: somebody
Type: defect | Status: new
Priority: normal | Milestone:
Component: component1 | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
The purpose of this patch is to increase the security level of storing the
double hash password in the cookie. In the current WordPress MU, if a hacker
gets another user's cookie, the hacker can pretend to be that user and do
whatever he wants until that user notices it and then changes the password.
By applying this patch, a timestamp is added in the double hash function
so that the hashed password is different at any time (similar to other
login-by-cookie systems, e.g. Yahoo). The expiry time of the timestamp is 1
day by default. Users need to re-login after 1 day.
--
Ticket URL: <http://trac.mu.wordpress.org/ticket/208>
WordPress MU Trac <http://mu.wordpress.org/>
WordPress Multiuser
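
The ticket's idea, a login cookie whose hash covers an issue timestamp and is rejected after one day, sketched as an added example (this is not the patch attached to the ticket and not WordPress MU code). The function names, the `timestamp:hash` cookie layout, and the use of HMAC-SHA256 keyed with a server-side secret in place of a bare double MD5 are all assumptions.

```php
<?php
// Added illustration; not the ticket's patch. Names and cookie layout are assumptions.

const COOKIE_TTL = 86400; // one day, the default expiry the ticket describes

// Build the cookie value "<issued_at>:<mac>". The MAC covers the user name,
// the stored password hash and the issue time, so the value differs per issue
// time and stops validating once the password (and so the stored hash) changes.
function make_login_cookie(string $user, string $storedHash, string $secret, int $now): string
{
    $mac = hash_hmac('sha256', $user . '|' . $storedHash . '|' . $now, $secret);
    return $now . ':' . $mac;
}

// Accept only a well-formed, unexpired cookie whose MAC matches.
function check_login_cookie(string $cookie, string $user, string $storedHash, string $secret, int $now): bool
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed value
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > COOKIE_TTL) {
        return false; // future-dated, or older than one day
    }
    // Recompute over the timestamp the client sent: editing it breaks the MAC.
    $expected = hash_hmac('sha256', $user . '|' . $storedHash . '|' . $issued, $secret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed sample values.
$secret = 'constructed-server-secret';
$stored = md5('correct horse'); // stands in for the hash kept in the user table
$t0     = 1165285881;           // issue time
$cookie = make_login_cookie('alice', $stored, $secret, $t0);

// Case 1: presented one hour after issue.
var_dump(check_login_cookie($cookie, 'alice', $stored, $secret, $t0 + 3600));
// Case 2: presented more than a day after issue.
var_dump(check_login_cookie($cookie, 'alice', $stored, $secret, $t0 + 90000));
// Case 3: timestamp edited to look fresh, MAC left unchanged.
$edited = ($t0 + 80000) . substr($cookie, strpos($cookie, ':'));
var_dump(check_login_cookie($edited, 'alice', $stored, $secret, $t0 + 90000));
// Case 4: password changed after the cookie was issued.
var_dump(check_login_cookie($cookie, 'alice', md5('new pass'), $secret, $t0 + 3600));
```

A copied cookie still validates until it expires; the timestamp bounds that window to `COOKIE_TTL` instead of leaving it open until the password changes.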