[wp-hackers] Rethinking check_admin_referer()

Paul Mitchell wp-hackers at paul-mitchell.me.uk
Fri Apr 21 21:05:05 GMT 2006

Owen Winkler wrote:
> Paul Mitchell wrote:
>> Interesting. I'd think twice about sending the DB_PASS to anything other
>> than the database.
> DB_PASS is used throughout WordPress as a unique, private seed for
> generating MD5 hashes.  This case is no different.  Nobody is going to
> get your database password by looking at a generated nonce.
Sorry, I'm getting confused. I was thinking of DB_PASSWORD. I can't find
a definition for DB_PASS anywhere in trunk.


More information about the wp-hackers mailing list