Protected post password is plain text in cookie
|Reported by:||dosa||Owned by:||anonymous|
Once a password is entered for a protected post it is stored as plain text in the cookie for all to see. Surely simply keeping some kind of hash would be better?
Change History (8)
comment:5 nbachiyski — 5 years ago
- Milestone set to 2.8
- Resolution wontfix deleted
- Status changed from closed to reopened
comment:6 raxitsheth — 5 years ago
- Priority changed from normal to high
- Severity changed from normal to major
comment:7 Viper007Bond — 5 years ago
- Priority changed from high to normal
- Severity changed from major to normal
Note: See TracTickets for help on using tickets.