[wp-hackers] Rethinking check_admin_referer()
dmhouse at gmail.com
Thu Apr 20 11:03:42 GMT 2006
Everyone that has participated in this debate:
This is a call for clarity. Amongst the plethora of arguments,
counters, counter-counters, metaphors, buzzwords and changes of
opinion I have little idea what is going on. I've tried to keep up
with the thread, but I, and I guess others, don't really have a grasp
of what the options are.
Thus I would like to be presented with:
1) The problems present in the current system.
2) A list of the options.
3) Their relative pros/cons.
4) Your opinion.
As I read it, the first currently stands as follows:
1) Annoyance when the referer check doesn't work, security holes
arising from clicking links in comments within the admin, or missed
But the for other three I've either got an incomplete picture, or no
idea at all.
-David House, dmhouse at gmail.com, http://xmouse.ithium.net
More information about the wp-hackers