[wp-hackers] Rethinking check_admin_referer()
David Chait
davebytes at comcast.net
Wed Apr 19 19:21:35 GMT 2006
Wow. If that's the case I'd prefer to have an AYS prompt on any
possibly-nasty GETs (or POSTs), every time. Screw the referrer check. ;)
And, sorry to jump backwards in the conversation to another thread point,
but I know someone mentioned the 'overhead' of actually writing temporary
hash codes, Nonces, whatever into the DB (with a timestamp... I did this
with a session-based custom PHP app, makes it a bit more secure, especially
with the last-visited IP ;).) But we're talking administration commands
with effects here. Just admins. The overhead of reading/writing hashes,
when/where needed (even if it's every action/submit), for administration
should be negligible compared to the hits of hundreds, or thousands of users
(or more) per day. Right?
-d
----- Original Message -----
From: "Robert Deaton" <false.hopes at gmail.com>
To: <wp-hackers at lists.automattic.com>
Sent: Wednesday, April 19, 2006 2:50 PM
Subject: Re: [wp-hackers] Rethinking check_admin_referer()
| On 4/19/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
| > Matt Mullenweg wrote:
| > > Elliotte Harold wrote:
| > >> But is this even allowed? With the default options is it possible to
| > >> put a form tag (or an img or script tag) in a comment?
| > >
| > > Of course not, but we're not talking about XSS, we're talking about CSRF.
| > >
| >
| >
| > OK, so the problem is that someone puts a form/link/img on another site
| > whose action indicates deleting an article on my site? Then they have to
| > get me to go there and click it somehow? Am I understanding this?
|
| Yes, and thus the "edge case" description.
|
| --
| --Robert Deaton
| http://somethingunpredictable.com
|
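As an added illustration of the stored-nonce scheme David sketches above (example code written for this page, not WordPress's check_admin_referer() or anything posted in the thread): a timestamped, single-use nonce bound to the logged-in admin and to one action, held in a store that stands in for a DB table. The `$nonce_store` array, the TTL value, the user id and the action name are all assumptions.

```php
<?php
// Added example, not WordPress code. $nonce_store stands in for a DB table
// with columns (nonce, user_id, action, created); a real app would use SQL.
declare(strict_types=1);

const NONCE_TTL = 600; // seconds a nonce stays valid (assumed value)

$nonce_store = []; // hypothetical stand-in for the DB table

function issue_nonce(array &$store, int $user_id, string $action): string
{
    $nonce = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
    $store[$nonce] = [
        'user_id' => $user_id,            // the admin who was shown the form
        'action'  => $action,             // the one action this nonce authorises
        'created' => time(),              // timestamp for expiry
    ];
    return $nonce;
}

// Succeeds at most once per nonce: the record is deleted as soon as it is
// looked up, so a replayed request is rejected even inside the TTL window.
function check_nonce(array &$store, string $nonce, int $user_id, string $action): bool
{
    if (!isset($store[$nonce])) {
        return false;                     // unknown, expired-and-purged, or already used
    }
    $rec = $store[$nonce];
    unset($store[$nonce]);                // consume before any further check
    if ($rec['user_id'] !== $user_id || !hash_equals($rec['action'], $action)) {
        return false;                     // issued to a different admin or for another action
    }
    return (time() - $rec['created']) <= NONCE_TTL;
}

// Issuing side: the nonce rides along in the admin form (or in a delete link's query string).
$user_id = 1; // the logged-in admin, taken from the session (constructed value)
$nonce   = issue_nonce($nonce_store, $user_id, 'delete-post-42');
echo '<form method="post" action="post.php">'
   . '<input type="hidden" name="_nonce" value="' . htmlspecialchars($nonce, ENT_QUOTES) . '">'
   . '<input type="hidden" name="action" value="delete-post-42">'
   . '<button>Delete</button></form>' . PHP_EOL;

// Receiving side: the legitimate submit passes, a resubmit of the same nonce is
// refused, and a form hosted on another site has no way to learn the value at all.
var_dump(check_nonce($nonce_store, $nonce, $user_id, 'delete-post-42'));            // first use
var_dump(check_nonce($nonce_store, $nonce, $user_id, 'delete-post-42'));            // same nonce again
var_dump(check_nonce($nonce_store, 'guessed-by-attacker', $user_id, 'delete-post-42')); // unknown nonce
```

A periodic purge of rows older than NONCE_TTL keeps the table small; the check itself is one indexed read and one delete per admin action, which is the negligible cost the message argues for.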