BlogSecurity Interview

Friday, June 29. 2007

Friday, June 29. 2007



Two days ago I was interviewed by the people of BlogSecurity about my thoughts about WordPress, their vulnerabilities and how they deal with them. The interview is meanwhile online.


Posted by Stefan Esser in Security, PHP at 18:50
Comments (2)
Link to this post


Comments
Display comments as (Linear | Threaded)

#1 AntonioCS ()
In the interview you say:

"Ensure that the default SQL tableprefix is not chosen during installation."

I am making a small backoffice and I also have this feature (selecting the sql tableprefix during the install). Why is this a bad thing?
posted on Sunday, July 1. 2007
#1.1 Stefan Esser wrote (Link) ()
The sentence is very badly expressed...

What I meant was that the installer should warn the user that it is wise from a security point of view, to change the default table prefix 'wp_' to something else.
posted on Sunday, July 1. 2007

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
 

Submitted comments will be subject to moderation before being displayed.
 
Calendar
Back May '08
Mon Tue Wed Thu Fri Sat Sun
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
Archives
May 2008
April 2008
March 2008
Recent...
Older...
Categories

All categories
Syndicate This Blog
Protected By

Hardening-Patch for PHP