David Anderson
Moreover…
If an attacker identifies a vulnerable server with large numbers of users, he can just do a username enumeration, and try them all. It then doesn’t really matter whether the percentage of requests that will generate usable bounce-backs is large or small; he only wants one to succeed.
On PHP versions, the WP developer team’s view is that WP should/cannot bump up the minimum PHP version from 5.2, and/or should not display a notice urging the user to ask their host to upgrade, because users don’t know about or understand these things, and it’s unhelpful to display something potentially confusing. Compare that with the WP security team’s view, on this issue, that if you are vulnerable to the issue, then you’re at fault because your server is badly configured, and, you shouldn’t be expecting the WP security team to prioritise a fix because of that. These two viewpoints are contrary.