Security implementation
I just discovered that Ultimate Member has a big design flaw in that it will actually tell you if your login or password is bad, which greatly improves the odds for a break-in. Standard practice is to not indicate which is incorrect. Now I need to find a replacement or write my own.
Then there are things such as escaping quotes to avoid SQL injection and so on; https://developer.mozilla.org/en-US/docs/Learn/Server-side/First_steps/Website_security is a good start.
PHP, for example, currently has a hard-to-hack but still doable bug, which interestingly is how the FBI broke into an illegal hacker (cracker) site. Security is largely an unknown subject in spite of how often it is discussed.
Do you have any plans on implementing any of these in your plugin?
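
The point above about not indicating which credential was wrong, as an added example that is not part of the original post and not code from any plugin: a plain PHP login check that returns one generic message for both failure cases and still runs a password verification when the account does not exist, so the two cases are not told apart by message or by hashing work. The user store, function names and message text are constructed for illustration.

```php
<?php
// Constructed user store for this example; a real site would query its database.
function example_users(): array {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
    }
    return $users;
}

// Hash of a random throwaway password. It is verified against when the
// account is unknown, so both failure paths perform one password_verify().
function dummy_hash(): string {
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    return $hash;
}

// The only failure text the client ever sees (wording is an assumption).
const GENERIC_LOGIN_ERROR = 'Invalid username or password.';

function attempt_login(string $username, string $password): array {
    $users = example_users();
    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : dummy_hash();
    $match = password_verify($password, $hash);

    if ($known && $match) {
        return ['ok' => true, 'message' => 'Logged in.'];
    }

    // The precise reason goes to the server log only, never to the response.
    // json_encode() keeps a hostile username from forging extra log lines.
    error_log(sprintf(
        'login failed: user=%s reason=%s',
        json_encode($username),
        $known ? 'bad_password' : 'unknown_user'
    ));
    return ['ok' => false, 'message' => GENERIC_LOGIN_ERROR];
}

// Compare the response for an unknown account with that for a wrong password.
$unknown = attempt_login('mallory', 'guess');
$wrong   = attempt_login('alice', 'guess');
var_dump($unknown === $wrong);
```

The same uniformity has to hold for registration and password-reset forms, which otherwise reveal whether an account exists.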