Support Forum
Support Forum
Offline
On another note, on the sp user profile at the bottom of the screen, I just discovered the view topics by user link, which is very handy, but I am wondering if security would be improved by not exposing the wp user_id. I am thinking about making this more visible to users but before that I thought I would get your take on the security concern.
Might it be better to pass the user_login for the "value" and then have the back end get the user_id?
https://simple-press.com/suppo.....038;type=4
ust a thought
Offline
On this one then perhaps the question is why would user_login be any more secure than user_id? I don't see it...?
 |
YELLOW
SWORDFISH
|
Offline
Well generally, I am no expert but I think coders generally try not to expose critical id information ... by knowing the id you could use it for hacking, session hijacking etc. All the tables are cross referenced by id not user_login ... so it would be easier to get more info about the user if you knew the id. If the hack allows them to get the user id from the user login, I guess the point is moot but that's a big assumption.
You're right there is less concern about this that I thought but there is a debate. here are some links discussing the issue.
http://stackoverflow.com/quest.....urity-risk
http://programmers.stackexchan.....t-practice
Thanks
Offline
Oh yes - there is a permanent debate always has been. And we have had it both ways in the past and always had complaints no matter which way it is. But WordPress is pretty solid in not allowing information like this to leak or be useful.
|
YELLOW
SWORDFISH
|
All RSS1 Guest(s)