[wp-hackers] Forum Help
m at mullenweg.com
Sun May 15 20:44:59 GMT 2005
Matthew Thomas wrote:
> And it doesn't
> protect people using GWA (though I see you have a patch for that), or
> people using another prefetching accelerator.
The MOZ prefetch header seems to be a convention, which is why Google
adopted it. Accelerators have been around a while, none have been as
brain-dead as Google's "beta" as far as I know.
> And it doesn't let you
> have Referers turned off a la RFC 2616 section 15.1.3 (but you knew that
There are always tradeoffs in a secure system.
> And it makes extra work for anyone who renames the wp-admin/
> directory to deter attackers.
Renaming wp-admin wouldn't deter attackers, is not support in any way in
the program (maybe we could add some options for it :-p), and is "snake
oil" security, which we don't endorse or encourage.
> Using POST buttons where appropriate,
> instead of links, would fix all those problems, but I guess there's some
> good reason for not using them.
Finally! Thanks for understanding that the real world may appear simple
from the heights of the ivory tower but actually there's usually a good
reason for everything in a mature system even if it's not immediately
Google, for all their strengths, was idiotic for releasing a product
that breaks the way millions of web applications, including some of
their own, work. Note that no one from Google came out citing RFCs as
the reason their product is wreaking havok across the web, because they
realize more than anyone else that GWA is broken, which is *why they
took it down it after just a few days*. I find it funny that so many
people are rushing to their defense -- they're a big company and can
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
More information about the wp-hackers