[wp-hackers] Rethinking check_admin_referer()
Matt Mullenweg
m at mullenweg.com
Wed Apr 19 05:24:27 GMT 2006
Sam Angove wrote:
> The best answer is for them to remove their anti-CSRF security
> completely? The solution is to get a better lock, not leave the door
> open.
Yes. These aren't doors and locks. It's more like taking your shoes off
at airport security. The chances of anyone having something bad in their
shoes is infinitesimal, and it mostly serves to make people feel better.
If one person is allowed to walk through with their shoes on (as people
were allowed to for years) the security of the airport isn't compromised.
Important problems are ones that are easily scriptable into worms: SQL
injection, arbitrary PHP code execution, site defacing, etc.
Our first and best line of defense is always going to be around how we
filter and display submitted HTML. This can also be easily tightened up
without compromising the user experience.
> I think the reason you can't find anything is because there's nothing
> to find. A working exploit would be big news. Here's a relevant
> Crypto-Gram article[1]. ;)
Just as Douglas Crockford deemphasized JSON for years because of the
troubling security implications, many of the brightest minds in a given
field are not interested in the "glory" of creating a fuss on bugtraq
and their ilk.
> How are users being punished? The worst case for them should be the
> occasional "are you sure you want to do this?" confirmation page,
> which is *better* than the current "wrong referrer" die().
Are you sure you want an answer? [ OK ] [ Cancel ]
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
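Sam's suggestion above (a confirmation page instead of die() when the nonce check fails), as an added Python sketch that is not WordPress code: the nonce is an HMAC over a time tick, the action and the user id, and a request without a valid nonce gets back a confirmation form carrying a fresh nonce rather than a hard failure. The function names, the constructed secret and the 12-hour tick are assumptions.

```python
import hmac
import hashlib
import time

SECRET = b"constructed-demo-secret"  # constructed; a real install uses a per-site secret
TICK = 12 * 3600                     # nonce lifetime window (assumed half-day ticks)


def _expected(action, user_id, tick, secret):
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def make_nonce(action, user_id, now=None, secret=SECRET):
    """Nonce bound to this action, this user and the current time tick."""
    now = time.time() if now is None else now
    return _expected(action, user_id, int(now // TICK), secret)


def verify_nonce(nonce, action, user_id, now=None, secret=SECRET):
    """Accept the current and the previous tick; constant-time compare."""
    if not nonce:
        return False
    now = time.time() if now is None else now
    tick = int(now // TICK)
    for t in (tick, tick - 1):
        if hmac.compare_digest(nonce, _expected(action, user_id, t, secret)):
            return True
    return False


def handle(request, user_id, now=None):
    """Return ('done', action) on a valid nonce, else ('confirm', form).

    The form re-submits the same action and parameters with a fresh nonce,
    so a legitimate user with a stale or missing nonce confirms once instead
    of hitting die('wrong referrer'); a cross-site request still does nothing
    until a real user clicks through.
    """
    action = request["action"]
    if verify_nonce(request.get("_wpnonce"), action, user_id, now):
        return ("done", action)
    params = {k: v for k, v in request.items() if k not in ("action", "_wpnonce")}
    form = {"action": action, "_wpnonce": make_nonce(action, user_id, now), "params": params}
    return ("confirm", form)
```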