[wp-hackers] Security at Wordpress
Andy Skelton
skeltoac at gmail.com
Mon Apr 24 11:58:33 GMT 2006

On 4/24/06, Andrew Krespanis <leftjustified at gmail.com> opined:
> Looks fine :)

Not bad at all.

Still, if you removed the ability to do everything via GET, how am I
going to approve comments from my email with a single click, assuming
I don't allow HTML in my emails? I think that's the actual bar. It may
be unreasonable from a pure security standpoint but the convenience is
more routinely visible than the security.

If you only moved certain actions (e.g. delete post) out of the GET
domain while leaving others alone (e.g. comment moderation) you'd
probably have more luck getting your code committed.

Andy