[wp-hackers] Rethinking check_admin_referer()
Robert Deaton
false.hopes at gmail.com
Fri Apr 21 03:42:13 GMT 2006
On 4/20/06, John Joseph Bachir <jjb at ibiblio.org> wrote:
>
> But what is the drawback of server-side storage?
Writing to the database is expensive. Here's an example of
computational hashes (very simple) that have a variable lifetime, a
minimum of 12 hours and a maximum of somewhere around 59 hours. The
minimum is easily adjustable; the maximum is slightly harder, but
nothing insurmountable, it just requires a bit of math. Obviously, salt
of some sort should be added, action parameters, etc., but this is
just a really, really simple proof of concept.
<?php
// The nonce is the hash of a time "tick": the current 100000-second window,
// pushed one window further if more than 43200 s (12 h) of it have already passed.
function generate_nonce() {
    $i = time() / 100000;
    $end = ceil($i);
    if (($i - floor($i)) > .43200)
        $end++;
    return md5($end);
}

// Accept the hash of the current window or the next one; anything else has expired.
// Strict comparison: PHP's loose == would treat two "0e..." hex digests as equal.
function verify_nonce($nonce) {
    $i = ceil(time() / 100000);
    return md5($i) === $nonce || md5($i + 1) === $nonce;
}
--
--Robert Deaton
http://somethingunpredictable.com
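The same tick-based idea carried through with the salt and action parameter the post says should be added, as an added example that is not code from the original post nor WordPress's own implementation. The secret, the nominal lifetime, the action names, the user id and the fixed clock value are all assumptions made up for this example; the real time() is only used when no clock is passed in, so the expiry behaviour can be exercised without waiting.

```php
<?php
// Added example, not from the original post. Assumed values: NONCE_SECRET
// is a server-side secret (never sent to the client), NONCE_LIFE is the
// nominal lifetime in seconds, both chosen for illustration only.
const NONCE_LIFE = 86400;
const NONCE_SECRET = 'example-secret-salt-change-me';

function nonce_tick($now, $life = NONCE_LIFE) {
    // Half-life ticks: a nonce minted at tick t is accepted while the
    // verifier sees tick t or t+1, so it lives between life/2 and life.
    return (int) ceil($now / ($life / 2));
}

function nonce_hash($tick, $action, $user_id) {
    // Keyed hash binds the nonce to the tick, the action and the user;
    // without the secret an attacker could compute it as easily as we can.
    // 12 hex chars (48 bits) keeps URLs short while still infeasible to guess.
    return substr(hash_hmac('sha256', "$tick|$action|$user_id", NONCE_SECRET), -12, 12);
}

function nonce_create($action, $user_id, $now = null, $life = NONCE_LIFE) {
    $now = $now ?? time();
    return nonce_hash(nonce_tick($now, $life), $action, $user_id);
}

function nonce_verify($nonce, $action, $user_id, $now = null, $life = NONCE_LIFE) {
    $now = $now ?? time();
    $tick = nonce_tick($now, $life);
    foreach ([$tick, $tick - 1] as $t) {
        // hash_equals(): constant-time, and avoids PHP's loose == on hex strings.
        if (hash_equals(nonce_hash($t, $action, $user_id), (string) $nonce)) {
            return true;
        }
    }
    return false;
}

// Worked run at a constructed clock value (assumed, not a real event time).
$now = 1700000000;
$n = nonce_create('delete-post_42', 7, $now);
var_dump(nonce_verify($n, 'delete-post_42', 7, $now));          // bool(true)
var_dump(nonce_verify($n, 'delete-post_42', 7, $now + 43199));  // bool(true): inside the 12 h minimum
var_dump(nonce_verify($n, 'delete-post_43', 7, $now));          // bool(false): different action
var_dump(nonce_verify($n, 'delete-post_42', 8, $now));          // bool(false): different user
var_dump(nonce_verify($n, 'delete-post_42', 7, $now + 86400));  // bool(false): expired
```

The example mints with the current tick and accepts the previous one, rather than minting a future tick and accepting the next one as the posted code does; both give a lifetime between half and the full window, but this way needs no fractional-window branch and the minimum is set by one constant. Nothing is stored server-side: verification is a recomputation, which is the point the post makes about avoiding database writes. Do not reuse the value for anything else (session tokens, password resets), since it is predictable to anyone who holds the secret and deliberately repeats within a tick.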