[wp-hackers] Rethinking check_admin_referer()

Paul Mitchell wp-hackers at paul-mitchell.me.uk
Mon Apr 17 10:57:03 GMT 2006


Andy Skelton wrote:
> The URL is the most-often logged piece of an HTTP request. I wouldn't
> feel good about that kind of security unless it were over HTTPS.
True, but I don't currently need your httpd log to forge a valid WP
admin command URL for your site, SSL or otherwise.

For sure, a PIN-armoured URL would be recorded in your site's httpd
logs. If that is a security issue, the PIN can be obfuscated or changed
regularly. The PIN won't be recorded in anyone else's logs. PIN leakage
through referral won't be a problem because the admin commands that need
protection naturally redirect and would remove the (now unnecessary) PIN
from the terminal URL.

Paul



More information about the wp-hackers mailing list