[wp-hackers] Security at Wordpress
skeltoac at gmail.com
Mon Apr 24 11:58:33 GMT 2006
On 4/24/06, Andrew Krespanis <leftjustified at gmail.com> opined:
> Looks fine :)
Not bad at all.
Still, if you removed the ability to do everything via GET, how am I
going to approve comments from my email with a single click, assuming
I don't allow HTML in my emails? I think that's the actual bar. It may
be unreasonable from a pure security standpoint but the convenience is
more routinely visible than the security.
If you only moved certain actions (e.g. delete post) out of the GET
domain while leaving others alone (e.g. comment moderation) you'd
probably have more luck getting your code committed.
More information about the wp-hackers