[wp-hackers] Rethinking check_admin_referer()
Owen Winkler
ringmaster at midnightcircus.com
Tue Apr 18 11:18:09 GMT 2006
Mark Jaquith wrote:
> Okay, so more than just an annoyance for people who aren't sending HTTP
> referrers. Using a key solves this, by locking things down to the
> blog/user/action/object level. I don't see the point of using a
> nonce... if you can intercept the key, you have already compromised the
> blog. In addition, the use of nonces would create a DB write on every
> access of a wp-admin <form>... not exactly ideal.
When I used the term "nonce" before, it wasn't necessarily in its true
meaning. I meant what you're saying here: one key per user per action.
The main idea is that you *don't* want to store the generated key
anywhere, because that requires an expensive write operation.
It might also be possible to cause these keys to time out, so even if
they were obtained once, there would be a limited opportunity to use them.
Owen
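As an added illustration of the design sketched in the reply above (a key bound to user, action and object, never stored server-side, and expiring after a time window), here is example code that is not WordPress's own implementation; the secret, the window length and the field names are assumptions:

```python
import hashlib
import hmac
import time

# Server-side secret (constructed placeholder; a real deployment loads it from config).
SECRET = b"constructed-example-secret-not-for-production"


def _tick(now: float, window: int) -> int:
    """Number of whole windows elapsed; the key is derived from this, so it rolls over."""
    return int(now // window)


def _derive(secret: bytes, user_id: int, action: str, object_id: str, tick: int) -> str:
    # Bind the key to who, what and which object, plus the current time window.
    msg = f"{tick}|{user_id}|{action}|{object_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def create_key(user_id, action, object_id, secret=SECRET, window=600, now=None):
    """Emit the key to embed in a wp-admin form; nothing is written to the database."""
    now = time.time() if now is None else now
    return _derive(secret, user_id, action, object_id, _tick(now, window))


def verify_key(key, user_id, action, object_id, secret=SECRET, window=600, now=None):
    """Accept the current window and the previous one, so a key is valid for
    between one and two windows and then expires. The check is a recomputation,
    not a lookup, so it needs no database read or write."""
    now = time.time() if now is None else now
    tick = _tick(now, window)
    for t in (tick, tick - 1):
        expected = _derive(secret, user_id, action, object_id, t)
        if hmac.compare_digest(expected, key):
            return True
    return False
```

A key for a different user, action or object recomputes to a different value, so it is rejected without any per-request state.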