WordPress.org

Support

Support » Plugins and Hacks » User Avatar » Security Issue: User ID in the thumbnail URL

Security Issue: User ID in the thumbnail URL

  • Hey guys,

    I just want to discuss if it make sense to avoid the user id in the thumbnail URL. It allows an attacker to look up the User ID that comes staid from the DB. There are lots of WP system hardening strategies that reference similar topics.

    What you guys think? Make it sense to implement an additional name security/mapping layer? I would strongly recommend it.

    Stefan Berntheisel

    http://wordpress.org/extend/plugins/user-avatar/

  • The topic ‘Security Issue: User ID in the thumbnail URL’ is closed to new replies.
Skip to toolbar