[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Peter Westwood peter.westwood at ftwr.co.uk
Fri Mar 2 13:07:13 GMT 2007

Elliotte Harold wrote:
> It really is broken, and is going to continue to be a cause of security 
> holes, but I have personally despaired of this being fixed short of a fork.

How does switching to POST over GET remove the possibility of security 
holes?  They are both just as exploitable from a security point of view 
if they are not given protection.

Nonces are the best form of protection that we can give either of these 

Peter Westwood
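The point made in this message, as an added example that is not part of the original post and is not WordPress's own code: a handler that only checks the HTTP method accepts a cross-site request whether it arrives as GET or POST, while a handler that requires a nonce bound to the user and the action rejects it. The secret, the 12-hour window, the function names and the sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example: standalone sketch, not WordPress core code.
// SECRET, TICK_SECONDS and every function name here are assumptions.
const SECRET = 'constructed-demo-secret';   // per-site secret (constructed value)
const TICK_SECONDS = 43200;                 // validity window granularity (assumed)

// Token bound to one user, one action and the current time window.
function make_nonce(int $userId, string $action, ?int $now = null): string {
    $tick = intdiv($now ?? time(), TICK_SECONDS);
    return substr(hash_hmac('sha256', "$tick|$userId|$action", SECRET), 0, 20);
}

// Accept the current and the previous window, compared in constant time.
function verify_nonce(string $nonce, int $userId, string $action, ?int $now = null): bool {
    $now = $now ?? time();
    foreach ([0, TICK_SECONDS] as $age) {
        if (hash_equals(make_nonce($userId, $action, $now - $age), $nonce)) {
            return true;
        }
    }
    return false;
}

// Unprotected handler: the method is the only check. The browser attaches the
// session cookie to a cross-site POST just as it does to a GET, so this check
// says nothing about where the request came from.
function delete_post_method_only(array $req, int $sessionUser): bool {
    return $req['method'] === 'POST';
}

// Protected handler: the request must carry a nonce for this user and this
// exact action, which a third-party page cannot compute without SECRET.
function delete_post_with_nonce(array $req, int $sessionUser): bool {
    $action = 'delete-post_' . $req['post_id'];
    return verify_nonce($req['nonce'] ?? '', $sessionUser, $action);
}

// Constructed sample requests for session user 7.
$user = 7;
$crossSite = ['method' => 'POST', 'post_id' => 42];   // cookie present, no nonce
$genuine   = ['method' => 'POST', 'post_id' => 42, 'nonce' => make_nonce($user, 'delete-post_42')];
$reused    = ['method' => 'POST', 'post_id' => 43, 'nonce' => $genuine['nonce']];  // nonce from another action

var_dump(delete_post_method_only($crossSite, $user));  // method check alone
var_dump(delete_post_with_nonce($crossSite, $user));   // missing nonce
var_dump(delete_post_with_nonce($genuine, $user));     // valid nonce
var_dump(delete_post_with_nonce($reused, $user));      // nonce bound to a different post
```

Only the first and third calls return true: the method check passes the cross-site request, and the nonce check passes only the request carrying a token for that user and that post.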
