=== genii is now known as genii-meeting | ||
tomreyn | knome: about wordpress user 1 / "admin", I agree, chaging the username does notreally help, i just mentioned it as a strategy that was suggested at some point. it does seem better to delete user with id 1 and create a new one, not named "admin". | 00:10 |
---|---|---|
knome | tomreyn, indeed. though again, the user ID is what counts, because that's the one which is used when checking permissions | 00:11 |
knome | (even though usernames still need to be unique and can't be changed..) | 00:11 |
tomreyn | and thus could, under some circumstances (where username -> user id can be determined), enable an attacker to determine an admnistrative account (for further attacks) easily. | 00:13 |
knome | of course | 00:13 |
knome | but given that you can't even create an account named admin as the second account as that is already taken.. :) | 00:14 |
knome | anyway, time to prepare for bed | 00:15 |
tomreyn | even if it's deleted? ok, i didn't know that | 00:15 |
knome | nighty everybody :) | 00:15 |
knome | well | 00:15 |
knome | it can't be deleted | 00:15 |
knome | if you only have one user | 00:15 |
knome | and are creating the other one | 00:15 |
tomreyn | right, sleep well | 00:16 |
knome | you'd first have to create and admin user for ID 2, then delete ID 1, *then* create *another* admin user for ID 3+, with the username admin | 00:16 |
knome | so yes, that's technically possible, but i don't know why somebody would go through that struggle if they intend to use a dumb username after all :P | 00:16 |
knome | but fair point, also don't use "sausage" as your password | 00:17 |
knome | :D | 00:17 |
knome | nighty! | 00:17 |
=== genii-meeting is now known as genii | ||
=== genii is now known as genii-core | ||
=== Baytuch_2 is now known as Baytuch | ||
=== DarkTrick_ is now known as DarkTrick | ||
=== edun is now known as qbt | ||
Baytuch | hi | 08:54 |
=== genii-core is now known as genii |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!