#11813 closed defect (bug) (wontfix)
Post password stored as plaintext
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 2.9.1 |
| Component: | Security | Keywords: | |
| Focuses: | Cc: |
Description
When a user specifies a password for a protected post it's stored as plaintext in the database. Considering the rate at which people recycle personal passwords, does this open a user's site to potential security risks?
While not necessarily our responsibility, this would raise issues if they use the same password for a login and for their protected posts.
Change History (10)
#2
@
16 years ago
As suggested for private posts in #11695, it might be nice to move password stuff into a "canonical" plugin. Currently it's pretty hacky.
#4
follow-up:
↓ 5
@
14 years ago
Perhaps we can block post passwords if when hashed it is the same as their user password...
#5
in reply to:
↑ 4
@
14 years ago
Replying to nacin:
Perhaps we can block post passwords if when hashed it is the same as their user password...
That would be an excellent short-term solution that would increase security (protect users from themselves, really). But I'm still somewhat uncomfortable storing anything that resembles a password in plaintext.
#6
follow-up:
↓ 7
@
14 years ago
It's something that is designed to be shared, so storing it hashed is pretty much a no-go. People will need to refer to it, change it, etc. There is a reason why we store it in a type=text field, rather than type=password. That alone should probably scare most people away from entering a full password.
Perhaps calling it something other than a "password" would also help, but that ship has sailed.
#7
in reply to:
↑ 6
;
follow-up:
↓ 8
@
14 years ago
Replying to nacin:
It's something that is designed to be shared, so storing it hashed is pretty much a no-go.
Good point.
Perhaps calling it something other than a "password" would also help, but that ship has sailed.
Perhaps we could rename it in a future release? It won't be the first time we've renamed a feature. (Admin bar => toolbar)
#8
in reply to:
↑ 7
;
follow-up:
↓ 9
@
12 years ago
Replying to ericmann:
Perhaps we could rename it in a future release? It won't be the first time we've renamed a feature. (Admin bar => toolbar)
I don't see too much benefit here. At the end of the day, it is a password. Calling it by any other name wouldn't be as descriptive.
I suggest we wontfix this.
#9
in reply to:
↑ 8
@
12 years ago
- Keywords post-password removed
- Resolution set to wontfix
- Status changed from new to closed
Replying to ericlewis:
Calling it by any other name wouldn't be as descriptive.
I suggest we wontfix this.
It's been a while since I considered this an issue, so I'm given to agreeing with you. Closing as wontfix unless someone else wants to make a compelling argument.
I see no harm in doing at least a simple md5() on the password. (It shouldn't be the same hashing function used for user passwords)