[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
Peter Westwood
peter.westwood at ftwr.co.uk
Fri Mar 2 13:07:13 GMT 2007
Elliotte Harold wrote:
> It really is broken, and is going to continue to be a cause of security
> holes, but I have personally despaired of this being fixed short of a fork.
How does switching to POST over GET remove the possibility of security
holes? They are both just as exploitable from a security point of view
if they are not given protection.
Nonces are the best form of protection that we can give either of these
methods.
westi
--
Peter Westwood
http://blog.ftwr.co.uk
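
The point made in the message above, as an added example that is not part of the original post: a handler that only insists on POST still accepts a request carrying the user's session but no nonce, while a nonce check rejects it and works the same for GET and POST. The keyed-hash scheme, the secret, the 12-hour window and all names and request data here are assumptions constructed for illustration, not WordPress's own code.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: a per-site secret key
TICK = 12 * 60 * 60                  # assumption: 12-hour validity window

def make_nonce(user_id, action, now):
    """Keyed hash over time window, user and action (illustrative scheme)."""
    msg = f"{int(now // TICK)}|{user_id}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]

def verify_nonce(nonce, user_id, action, now):
    """Accept the current or previous window so an open form still submits."""
    return any(
        hmac.compare_digest(make_nonce(user_id, action, now - age * TICK), nonce or "")
        for age in (0, 1)
    )

def handle_method_only(request):
    """Handler whose only check is that the request is a POST."""
    return request["method"] == "POST"

def handle_with_nonce(request, now):
    """Handler that checks the nonce and ignores the HTTP method entirely."""
    params = request["params"]
    return verify_nonce(params.get("nonce"), request["session_user"],
                        params["action"], now)

# Constructed requests. session_user is whoever the session cookie identifies.
NOW = 1_000_000
ACTION = "delete-post_42"
ISSUED = make_nonce(7, ACTION, NOW)
OWN_POST = {"method": "POST", "session_user": 7,
            "params": {"action": ACTION, "nonce": ISSUED}}
OWN_GET = dict(OWN_POST, method="GET")
FOREIGN_POST = {"method": "POST", "session_user": 7,
                "params": {"action": ACTION}}  # no nonce was issued for it

if __name__ == "__main__":
    for name, req in [("own POST", OWN_POST), ("own GET", OWN_GET),
                      ("foreign POST", FOREIGN_POST)]:
        print(f"{name:13} method-only={handle_method_only(req)!s:5} "
              f"nonce={handle_with_nonce(req, NOW)}")
```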