[wp-hackers] Rethinking check_admin_referer()

Owen Winkler ringmaster at midnightcircus.com
Fri Apr 21 17:17:53 GMT 2006


Paul Mitchell wrote:
> Interesting. I'd think twice about sending the DB_PASS to anything other
> than the database.

DB_PASS is used throughout WordPress as a unique, private seed for 
generating MD5 hashes.  This case is no different.  Nobody is going to 
get your database password by looking at a generated nonce.

Owen



