Bug #41
Potential Privacy/Security Issue
0%
Description
as I see you are using timestamp+IP for the hidden input elementmyElement.value = '1370701133 80.98.70.185';
it is not cache-friendly: the first generated page, so the first visitors data remains in the page cache
please use another technique to be cache-friendly, or disable this check on caching (you can "ask" WP about it)
WP support page:
http://wordpress.org/support/topic/bad-behavior-causing-potential-privacysecurity-issue
History
#1
Updated by Michael Hampton almost 6 years ago
- Assignee set to Michael Hampton
This code is useless and destructive in an environment where the cache is external, i.e. nginx or varnish front end caching. It also doesn't provide us much benefit as we already have other ways to do the same check. It will be removed shortly.
#2
Updated by Viktor Szépe almost 6 years ago
I use Hypercache
http://wordpress.org/plugins/hyper-cache/
#3
Updated by Michael Hampton almost 6 years ago
Oh. Hyper Cache does 404 caching (which is generally a bad idea without very careful tuning). That's why this is an issue for you. I don't recommend Hyper Cache :) Anyway, this will be removed from Bad Behavior.
#4
Updated by Viktor Szépe almost 6 years ago
I mean basicly everyone sees the data (IP, timestamp) of the one who triggered caching. I personally turn off 404 caching in Hypercache:
http://snag.gy/3t5GP.jpg
#5
Updated by Michael Hampton about 4 years ago
- Start date deleted (
06/08/2013) - Status changed from New to Accepted
#6
Updated by Michael Hampton 9 months ago
- Target version changed from 3.0 to 2.2.21
Fixed in r1905739.
This will be fixed in the next release of Bad Behavior.
This feature has been removed.
#7
Updated by Michael Hampton 9 months ago
- Status changed from Accepted to Resolved