[wp-hackers] Rethinking check_admin_referer()
John Joseph Bachir
jjb at ibiblio.org
Mon Apr 17 16:22:13 GMT 2006
I have had neither coffee nor lunch yet today so maybe I am forgetting
something obvious, but: isn't the biggest problem with security
through referer checks that referers can be trivially spoofed from the
client side? Or to put it another way, the HTTP client has the option of
supplying an arbitrary referer string?
John
----
aim/yim/msn/jabber.org: johnjosephbachir
713.494.2704
irc://irc.freenode.net/lyceum
http://lyceum.ibiblio.org/
http://blog.johnjosephbachir.org/