- This topic has 1 reply, 2 voices, and was last updated 9 years, 11 months ago by udadmin.
-
Posts
-
Hi –
We now use this plugin as one of our standard plugins for WordPress sites that we manage for clients (thanks – great plugin!).
However, we’ve noted that the authentication process in the WordPress admin requires that the username and password (U/P) for our primary account with UDP gets stored in plain-text in the database, and is output / visible in the source code of UDP settings page once it’s been stored (if you care to look).
I would request that either an API key be generated on the UDP side, which we would use instead of the U/P information in the settings form – or, at the very least, to have the UDP plugin not store the password value in plain text, but instead hash or encrypt it somehow.
If you want to get fancy, then you could either generate unique hash / API keys on the fly (that get stored on the client websites), once the authentication has been done, and / or setup an admin area on the UDP site where the purchasers of your plugin can insert which domains are allowed / supported to work with their particular license keys.
Thanks,
Nathan.Hi Nathan,
You can blank the password after you’ve entered it once and connected. Either blank it in the database, or enter a blank one in the relevant admin area page and press “Connect” again (which has the same effect). It’s only needed the first time. (We’re looking at doing this automatically in a future release – still working through the implications).
David
- The topic ‘Feature Request: API Key instead of login’ is closed to new replies.