• Hey.

    So I read your code, and I’m unclear as to how this is supposed to increase site security. The way I see it, it only protects against session spoofing, and that’s assuming the attack comes after the keys have been changed.

    Otherwise, it doesn’t increase security of the cookie itself (since it can’t do that), the cookie is already resistant to cracking (mainly because WP uses a different algo to store passwords, so you can’t re-use a collision string for anything), and a live browser hijack will not be prevented from executing by this plugin (or much else except possibly the browser itself).

    Further, I would expect to see lost sessions (possibly lost shopping carts in Woo), if you happen to be doing something when the key replacement fires.

    So how does it help, exactly?

Viewing 1 replies (of 1 total)
  • Thread Starter ellmann creative

    (@ellmanncreative)

    I can see how it would be convenient to exchange all keys after an attack with a click, but that would make this a quality-of-life plugin, not a security plugin.

  • The topic ‘How does this increase security, exactly?’ is closed to new replies.
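
The session effect discussed in this thread, as an added example that is not part of the original posts or the plugin's code: a simplified Python model of a salt-keyed auth cookie (`username|expiration|token|HMAC`, loosely following WordPress's scheme). The function names, sample values and the exact key derivation are assumptions. It shows that a cookie issued under the old salt validates for any bearer until the salt changes, and that rotation rejects it for every holder, logged-in users included.

```python
import hashlib
import hmac
import secrets


def wp_hash(data: str, salt: str) -> str:
    # Simplified stand-in for a salt-keyed hash (assumption: HMAC-MD5 over the site salt).
    return hmac.new(salt.encode(), data.encode(), hashlib.md5).hexdigest()


def issue_cookie(login: str, pass_frag: str, expiration: str, token: str, salt: str) -> str:
    # Per-session key depends on the site salt, so changing the salt changes every key.
    key = wp_hash(f"{login}|{pass_frag}|{expiration}|{token}", salt)
    mac = hmac.new(key.encode(), f"{login}|{expiration}|{token}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{login}|{expiration}|{token}|{mac}"


def validate_cookie(cookie: str, pass_frag: str, now: int, salt: str) -> bool:
    parts = cookie.split("|")
    if len(parts) != 4 or not parts[1].isdigit():
        return False
    login, expiration, token, mac = parts
    if int(expiration) < now:
        return False  # expired cookies are rejected regardless of the salt
    expected = issue_cookie(login, pass_frag, expiration, token, salt).rsplit("|", 1)[1]
    return hmac.compare_digest(mac, expected)


def demo() -> dict:
    # Constructed sample values; none of them come from a real site.
    old_salt, new_salt = secrets.token_hex(32), secrets.token_hex(32)
    now = 1_900_000_000
    cookie = issue_cookie("alice", "a1b2", "2000000000", "tok123", old_salt)
    forged = cookie.replace("alice", "admin", 1)  # edited username, MAC unchanged
    return {
        # The server cannot tell the owner from anyone else holding the same string.
        "valid_before_rotation": validate_cookie(cookie, "a1b2", now, old_salt),
        # After rotation the same cookie fails for every holder: sessions are lost.
        "valid_after_rotation": validate_cookie(cookie, "a1b2", now, new_salt),
        # Tampering is already rejected without any rotation.
        "forged_before_rotation": validate_cookie(forged, "a1b2", now, old_salt),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```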