-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 WP Testers List wrote: | I agree the value could be considered relatively small, but surely if it | adds any value whatsoever its a bonus? Especially considering the | simplicity of the change. | | I don't see the link between this suggestion and needing to change | usernames? Sorry if I'm being thick. Surely you're more likely to need to | change your username using the current system, because its more likely that | someone will be able to successfully guess your login?
the full list of reasons are buried in the trac history of the tickets that have raised this before. Pro's of the message + Good User Experience Con's of the message + Gives away the existence of a user with that username Pro's of removing the message + One less way to enumerate user id's .... The point is that there is for every install an admin user by default and this is the one that is most likely to have rights to everything and be the one you want to attack. Also user id's often appear as part of the theme output and in the permalinks - think author archives etc. Therefore we are unlikely to accept a patch that _just_ changes the message as overall it has a negative impact on the end-user. We would happily accept a patch for a filter on the message (if one doesn't already exist) to allow a plugin to stop it being output. westi - -- Peter Westwood http://blog.ftwr.co.uk | http://westi.wordpress.com ~ C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH87aIVPRdzag0AcURAjdyAKDEmYYusle+3C6xzCwqaz2etTjBugCggGBC EsGC3nmzxydK5/kjQ/dZEbA= =Xnkd -----END PGP SIGNATURE----- _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
