WordPress.org


[closed] pseudo vs login (7 posts)

  1. hameau
    Member
    Posted 11 months ago #

    [In fact, I'm using WP 3.7 RC1 with automatic updates, not in the list above.] As explained here http://www.tgtb.zz.mu/ecrits/ (in French), I strongly believe that "some-site.xxx/author/author-name" MUST use the pseudonym (as declared in user's profile) rather than the login name. In fact, I strongly believe that the login name MUST be reserved for login purposes only, and appear NOWHERE in the site, for security reasons.

    (It seems evident to me that it's much more difficult to break a login/password pair if you don't know the login!)

  2. See https://core.trac.wordpress.org/ticket/25428 and the linked tickets.

    The Display Name field is used to display on the front end of the site, ie. beside "This post was written by: Some Awesome Person". That can be changed at any time. The username is used within the URL as it doesn't change - http://example.com/author/dd32 is always me, regardless of if my Display name is 'Dion', 'dd32', or 'Awesome Blogger'.

    It has been stated in previous tickets, "leaking" of the username is not deemed a security issue by WordPress.org, as it's a conscious decision to use the username as the slug in the URL. If you don't like this default behaviour, there are plugins in the repository which allow you to change the URL format to your preferred layout.

    Instead of attempting to provide security by forcing people to guess your username (which, btw, is incredibly easy in most cases, as people are not that inventive) you should be focusing on improving passwords, and/or considering 2 factor authentication (ie. Google Authenticator) if your passwords are known to be insecure/weak.

    Quote by dd32.

  3. hameau
    Member
    Posted 11 months ago #

    NOT Resolved! It might be nice if you READ the question before answering it!

    In fact, there are THREE fields in (recent) WP user's profile: the LOGIN, the PSEUDONYM and the DISPLAY_NAME. So I asked something about the PSEUDONYM VERSUS the LOGIN, and you answer about the DISPLAY_NAME: nothing to say with the question.

    For example, say my login is doris, but my pseudo is dorisnoire, so I would like people to reach my posts by /author/dorisnoire/, which is much more intuitive than /author/doris/ imho. Whatever the display_name contains — for example "Dark Skinned, Sensitive Doris", because I like to be welcomed this way when entering WordPress — has no meaning here.

    What is the meaning of the PSEUDONYM field if it has not been made for this? AND if it has been made for this, IT IS A BUG!!!

    Whatever your opinion is, in my humble one!

  4. hameau
    Member
    Posted 11 months ago #

    AND as far as my email is dorisnoire@…, which is the case, I don't know WHY everyone on earth might know my login name, which WON'T BE doris anymore when this trouble is solved!

  5. hameau
    Member
    Posted 11 months ago #

    The continuation (in French) of this fascinating discussion carries on at the author's site, http://www.tgtb.zz.mu (the /sen page and recent posts).

    Because, thinking about it seriously and with a clear head, there is a potential risk here. Whereas in principle the login should remain the secret identifier, with the pseudonym (which exists but apparently serves no purpose) becoming the public identifier (a single word, like the secret one), and the display name able to contain spaces, hence displayable but unsuitable for inclusion in the URL.

    And when I say "potential risk", I am thinking of the client (also potential) who may come to the same conclusion, and who will never adopt a product whose developers treat security carelessly.

    And when I say client… A few years ago I bid to build the website of the official press organ of the government of Benin (just to give you an idea of my "clients"), a website I intended to build with WordPress. I did not win the contract, but the person who did made a complete mess of the job, and I am still in the running to do it, still with WordPress, which I have used since the first betas and which is the CRM I know best.

    For the moment Benin is no longer asking, but if I come with a serious project in my files, a bold price, skills transfer thrown in as a bonus (I sell a turnkey product, not maintenance for myself until I retire), for a site designed from the outset to be multilingual, French/Fongbe/Yoruba/… and whatever else the client wants to put in it, why not the 56 dialects spoken in Benin, and a few others from neighbouring countries.

    A crazy project? No, a bold project, the kind I like, the kind I carry out!

    But I will not try to sell a "potential risk" to a client (who may then create hundreds of logins to manage all this), simply because I am a serious professional, I respect my clients, and if I did not, it would damage my reputation, which I care about!

    (NB: hameau is a shared account for the three founding members of the site http://www.tgtb.zz.mu, and I am not dorisnoire, but I share her opinion.)

  6. Sergey Biryukov
    WordPress Dev
    Posted 11 months ago #

    For example, say my login is doris, but my pseudo is dorisnoire, so I would like people to reach my posts by /author/dorisnoire/, which is much more intuitive than /author/doris/ imho.

    There's a plugin for that: http://wordpress.org/plugins/edit-author-slug/.

  7. This is not an alpha/beta issue any more than it is a bug.

    The decision was made to have this be the login name. The pseudonym was created to allow someone the chance to customize the display name. To which, your login can be foobar, your real name can be John Doe, and your pseudonym can be "foobar (John D.)"

    This way you can make your display name what you want.

    If you want to change the slug, please use the plugin. There is no security leak in having it be apparent. Also this is the English only forum, so please use English only.
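
What changing the author slug amounts to, shown as an added example (not code from this thread, from WordPress core, or from the Edit Author Slug plugin): the `/author/<slug>/` URL is built from the `user_nicename` column, so a small must-use plugin can keep it in sync with the profile's Nickname field. The function name is hypothetical, and treating the Nickname field as the "pseudonym" discussed above is an assumption.

```php
<?php
/**
 * Added example (hypothetical mu-plugin, not from the thread or any plugin).
 * Keeps the author URL slug (user_nicename) in sync with the Nickname field,
 * so /author/<slug>/ no longer mirrors the login name.
 */

// Hypothetical function name; runs after every profile save.
function example_sync_author_slug( $user_id ) {
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }

    // Assumption: 'nickname' is the profile field the thread calls the pseudonym.
    $nickname = get_user_meta( $user_id, 'nickname', true );
    // user_nicename is limited to 50 characters in the users table.
    $slug = substr( sanitize_title( $nickname ), 0, 50 );

    // Nothing usable, or the slug is already in sync.
    if ( '' === $slug || $slug === $user->user_nicename ) {
        return;
    }

    // A nickname identical to the login would publish the login again.
    if ( $slug === sanitize_title( $user->user_login ) ) {
        return;
    }

    // Refuse a slug that already belongs to another account.
    $owner = get_user_by( 'slug', $slug );
    if ( $owner && (int) $owner->ID !== (int) $user_id ) {
        return;
    }

    // wp_update_user() fires profile_update again; unhook to avoid recursion.
    remove_action( 'profile_update', 'example_sync_author_slug' );
    wp_update_user( array(
        'ID'            => $user_id,
        'user_nicename' => $slug,
    ) );
    add_action( 'profile_update', 'example_sync_author_slug' );
}
add_action( 'profile_update', 'example_sync_author_slug' );
```

Authentication is unaffected because logging in uses `user_login`, not `user_nicename`; existing `/author/<login>/` links stop resolving once the slug changes.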

Topic Closed

This topic has been closed to new replies.
