Protected post password is plain text in cookie
|Reported by:||dosa||Owned by:||anonymous|
Once a password is entered for a protected post it is stored as plain text in the cookie for all to see. Surely simply keeping some kind of hash would be better?
Change History (8)
- Milestone set to 2.8
- Resolution wontfix deleted
- Status changed from closed to reopened
- Priority changed from normal to high
- Severity changed from normal to major
- Priority changed from high to normal
- Severity changed from major to normal
Note: See TracTickets for help on using tickets.