[wp-hackers] Enable Sending Referrers
Mark Jaquith
mark.wordpress at txfx.net
Tue Aug 16 02:42:03 GMT 2005
David Chait wrote:
> Yeah, wouldn't some server-generated hash code (like some of the
> comment-spam plugs use) be a MUCH better/safer verification technique?
>
>>> Matt Mullenweg:
>>>
>>> POST is spoofable with JS, we've been over this already.
>>
>>
>> and sending referrals isn't?
>
Well, I don't know of any way to spoof a referral for someone else. I
don't think JS can do it. So, you can't both spoof a referral and have
someone appear to be logged in. Still, referrals are a pain. My
SideKick doesn't send 'em, so I can't do many WP functions on-the-go.
Many routers strip them out.
I think a unique hash method might work nicely. md5() the DB password +
post/comment ID. What are the downsides to this method?
--
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress
More information about the wp-hackers
mailing list