[wp-hackers] Rethinking check_admin_referer()

Brian Layman Brian at TheCodeCave.com
Fri Apr 21 21:07:26 GMT 2006

>Am I missing something?  Again, why not a random cookie value each time??
Cookies, as rumored, are not secure.  The unique part of the nonce must be
stored in the database.

More information about the wp-hackers mailing list