[wp-hackers] Rethinking check_admin_referer()

Sam Angove sam at rephrase.net
Wed Apr 19 09:19:53 GMT 2006

On 4/19/06, Matt Mullenweg <m at mullenweg.com> wrote:
> Yes. These aren't doors and locks. It's more like taking your shoes off
> at airport security. The chances of anyone having something bad in their
> shoes is infinitesimal, and it mostly serves to make people feel better.

Well, it's the same with doors and locks: the chance that someone will
exploit my unlocked door is infinitesimal. Of course, I'll be the only
one affected if I'm robbed blind, so I can see why the door vendor
doesn't care either way. That doesn't make it good advice, and the
vendor deserves criticism for giving it.

The shoes are bad security because the tradeoff isn't worth it, but
better CSRF protection won't require users to queue for a half-hour
with bare feet.

> Are you sure you want an answer? [ OK ] [ Cancel ]

[ OK ]. Prompts are okay if they're not too frequent and they don't
cause data loss. I don't see why either would be a problem here,
except possibly with plugins.

>  many of the brightest minds in a given
> field are not interested in the "glory" of creating a fuss on bugtraq
> and their ilk.

I'd hope that these "brighest minds" weren't so criminally
irresponsible as to leave others in their field so ignorant that
they'd continue to advocate this method in books and articles on web
application security. Or, for that matter, that they'd fail to notify
the browser vendors, who should be able to fix any vulnerability of
this type fairly easily.

More information about the wp-hackers mailing list