[wp-hackers] Rethinking check_admin_referer()

Paul Mitchell wp-hackers at paul-mitchell.me.uk
Fri Apr 21 21:05:05 GMT 2006


Owen Winkler wrote:
> Paul Mitchell wrote:
>> Interesting. I'd think twice about sending the DB_PASS to anything other
>> than the database.
> DB_PASS is used throughout WordPress as a unique, private seed for
> generating MD5 hashes.  This case is no different.  Nobody is going to
> get your database password by looking at a generated nonce.
Sorry, I'm getting confused. I was thinking of DB_PASSWORD. I can't find
a definition for DB_PASS anywhere in trunk.

Paul


