[wp-hackers] Security at Wordpress
Elliotte Harold
elharo at metalab.unc.edu
Sat Apr 22 11:44:19 GMT 2006
Robert Deaton wrote:
> Think about every area in the admin panel where it makes sense to use
> a normal link instead of a form button to do things. Let's take the
> manage posts page, where the Delete action is one that uses GET to
> carry out an action. Now, let's think about a cross browser way to
> make this link POST its data instead, without javascript, because we
> have to be kind to those who disable javascript. Oh, yeah, we can make
> a form with a submit button, but that doesn't match all the other
> links to do things on the page, and it'd look completely wrong if we
> changed everything to submit buttons. Oh wait, we can style that with
> CSS? You're leaving a few browsers out. So now what do we have? An
> ugly interface, which will surely raise more eyebrows, to fix a
> problem that has a different solution.
There's a very good reason to make the DELETE action look different. It
is not side-effect free, unlike a lot of the other actions. The user
should see a visual distinction that clues them in that something is
different about this action they're about to take. Having delete look
different is a feature, not a bug.
> As far as I'm concerned, until there is a solution that makes sense
> for this problem, I'm fine with abusing the HTTP standard.
It sounds like you're happy living in a house that will fall down when
someone leans on the wrong corner as long as you get to paint the
molding in just the right shade of puce. Frankly I find that attitude
incomprehensible, though lord knows I've seen enough of it over the last
ten years, even before JavaScript and CSS were invented. Perhaps it's
just how we're wired. Some people focus on the external appearance and
some focus on the internal architecture, and neither will ever
understand or comprehend the other.
The best you can hope for is a decoupling of the internal architecture
from the external appearance so that one can be changed without
affecting or limiting the other. To a large extent that's what CSS and
XForms attempt to provide on the Web. Unfortunately we're not all the
way there yet.
For me at least, until we are, I'm much more concerned about getting the
architecture right to provide the security, scalability, and robustness
I want out of a web app. I can live with a site where the delete link
looks a tad funky. I can't live with a site where any contributor or
commenter can delete a post they don't like.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim
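The distinction the thread argues over, shown as an added example that is not from the wp-hackers thread or from WordPress itself: a handler for the manage-posts "Delete" action that refuses to act on GET, and the markup that turns the action into a POST form (with a class hook so CSS can make it resemble the neighbouring links where the browser allows). The names `handle_delete`, `render_delete_form` and `post.php` as the action target are assumptions for the example.

```python
import html

def handle_delete(method: str, params: dict, store: dict) -> tuple:
    """Return (status, body). Only POST may delete: GET is meant to be
    side-effect free, so a link, a bookmark or a prefetch that hits this
    URL must not remove anything. `store` stands in for the posts table."""
    if method != "POST":
        # 405 signals the wrong method and leaves the store untouched.
        return 405, "Method Not Allowed: delete requires POST"
    try:
        post_id = int(params.get("post", ""))
    except ValueError:
        return 400, "Bad Request: missing or invalid post id"
    if post_id not in store:
        return 404, "Not Found"
    del store[post_id]
    return 200, f"Deleted post {post_id}"

def render_delete_form(post_id: int) -> str:
    """Emit a one-button POST form instead of a GET link. The class lets
    CSS style the button like the other action links; where CSS support
    is missing the user still gets a plain, working button."""
    return (
        '<form method="post" action="post.php" class="delete-as-link">'
        '<input type="hidden" name="action" value="delete">'
        f'<input type="hidden" name="post" value="{html.escape(str(post_id))}">'
        '<input type="submit" value="Delete">'
        '</form>'
    )

if __name__ == "__main__":
    # Constructed sample data: two posts, one GET attempt, one POST delete.
    posts = {1: "Hello world", 2: "Draft"}
    print(handle_delete("GET", {"post": "1"}, posts), posts)
    print(handle_delete("POST", {"post": "1"}, posts), posts)
    print(render_delete_form(2))
```

Requiring POST stops the accidental or link-triggered delete the thread describes; it does not by itself stop a deliberately forged cross-site POST, for which the usual companion is a per-request token checked by the handler.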