[wp-hackers] Enable Sending Referrers

Mark Jaquith mark.wordpress at txfx.net
Tue Aug 16 02:42:03 GMT 2005

David Chait wrote:

> Yeah, wouldn't some server-generated hash code (like some of the 
> comment-spam plugs use) be a MUCH better/safer verification technique?
>>> Matt Mullenweg:
>>> POST is spoofable with JS, we've been over this already.
>> and sending referrals isn't?
Well, I don't know of any way to spoof a referral for someone else.  I 
don't think JS can do it.  So, you can't both spoof a referral and have 
someone appear to be logged in.  Still, referrals are a pain.  My 
SideKick doesn't send 'em, so I can't do many WP functions on-the-go.  
Many routers strip them out.

I think a unique hash method might work nicely.  md5() the DB password + 
post/comment ID.  What are the downsides to this method?

Mark Jaquith
MCincubus @ #wordpress

More information about the wp-hackers mailing list