[wp-hackers] Security at Wordpress

Brian Layman Brian at TheCodeCave.com
Mon Apr 24 19:48:35 GMT 2006


Elliotte Rusty Harold countered with:
> There's also an option 5 that's been proposed, allowing Undo rather than 

Yes.  That forces an attack to be multiple steps.  Any delete attack must
involve emptying the bin too for the damage to be permanent.

Because the current nonce design is action specific, it offers protection
against that.  You can't delete and flush/empty at the same time.

> Defense in depth is a good thing.
Agreed.
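Added illustration (not WordPress's own nonce code): a minimal action-scoped nonce of the kind the post describes, where a token minted for one action (deleting a post) is rejected when presented for a different one (emptying the bin), so the two steps cannot be collapsed into one request. The secret key, lifetime and action names are constructed for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed server-side secret for the example; a real site loads this from config.
SECRET_KEY = b"example-secret-do-not-reuse"
TICK_SECONDS = 6 * 3600  # nonce stays valid for the current tick and the one before it


def _tick(now: float) -> int:
    # Coarse time bucket, so a nonce expires without any server-side state.
    return int(now // TICK_SECONDS)


def _digest(user_id: int, action: str, tick: int) -> str:
    # The action name is part of the signed message, so the token is only
    # valid for that action (e.g. "delete-post-5" is useless for "empty-trash").
    msg = f"{user_id}|{action}|{tick}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def create_nonce(user_id: int, action: str, now: Optional[float] = None) -> str:
    """Mint a token bound to one user and one specific action."""
    now = time.time() if now is None else now
    return _digest(user_id, action, _tick(now))


def verify_nonce(nonce: str, user_id: int, action: str, now: Optional[float] = None) -> bool:
    """Accept the nonce only if it was minted for this user AND this action, recently."""
    now = time.time() if now is None else now
    t = _tick(now)
    for candidate in (t, t - 1):  # current tick or the one just before it
        if hmac.compare_digest(nonce, _digest(user_id, action, candidate)):
            return True
    return False


def two_step_delete(nonce: str, user_id: int, now: float) -> str:
    """Server-side handler: the same token can never authorise both steps."""
    if verify_nonce(nonce, user_id, "empty-trash", now=now):
        return "trash emptied"
    if verify_nonce(nonce, user_id, "delete-post-5", now=now):
        return "post moved to trash"
    return "rejected"
```

A nonce issued for the delete step therefore only moves the post to the bin; a second, separately issued "empty-trash" nonce is needed before the damage becomes permanent.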
