Registration Security Issues

  • Unknown's avatar
    bobmagoo · Member ·

    Hi,
    I just signed up with wordpress.com to get an API key so I can use spam filtering applications that require one. I discovered a few major issues in the process in regards to security that I wouldn’t mind getting some feedback and clarification on.

    For one, the link in my confirmation took me to my account page, but with my username and password displayed in big, unhashed text on the screen. This is a horrible idea for two reasons: one because you should never display the user’s password in clear text unless they explicitly ask for it(even then it’s better to reset the password), and two it means that wordpress.com is storing my password in clear text in their database which is another very bad idea. The difference between hashing a password and not in a database is as simple as adding a line to the code like $password = md5($password); before the password is added to the database.

    The second is that my password was sent again in clear text to my email address. Given the history of email protocol’s lack of security and plain text transmission, it is trivial to intercept this password.

    I imagine I’m coming off as a pain or paranoid, but given that wordpress’s code is running on my personal web server, I’m very concerned at the security of that code and whether it’s a good idea to continue having it there.

    I love the concept and it has been fun using WordPress to write out my random thoughts and ideas, but this interaction has me legitimately worried about whether it was a good idea to do it. Thanks in advance for your response.

  • Unknown's avatar
    thesacredpath · Member ·

    Talk to staff. Volunteers here in the forums are not allowed to drive that bus.

    Contact

  • tellyworth · Staff ·

    The password is only stored temporarily until the account is activated – it’s removed at that point. WordPress is open source so you can review our password hashing code if you’d like.

    If you set your password after signup on your user profile page it won’t be displayed or emailed. I recommend treating your signup password as a temporary one and changing it after signup.

    The design of the signup process has to take into consideration the security implications of doing things “right” given the real use cases. Some of the common recommendations for password security paradoxically lead to worse security, as it causes many users to do very insecure things as they try to deal with forgotten or mistyped passwords. That’s why it works that way.

  • The topic ‘Registration Security Issues’ is closed to new replies.