[wp-hackers] Enable Sending Referrers
mark.wordpress at txfx.net
Tue Aug 16 02:42:03 GMT 2005
David Chait wrote:
> Yeah, wouldn't some server-generated hash code (like some of the
> comment-spam plugs use) be a MUCH better/safer verification technique?
>>> Matt Mullenweg:
>>> POST is spoofable with JS, we've been over this already.
>> and sending referrals isn't?
Well, I don't know of any way to spoof a referral for someone else. I
don't think JS can do it. So, you can't both spoof a referral and have
someone appear to be logged in. Still, referrals are a pain. My
SideKick doesn't send 'em, so I can't do many WP functions on-the-go.
Many routers strip them out.
I think a unique hash method might work nicely. md5() the DB password +
post/comment ID. What are the downsides to this method?
MCincubus @ #wordpress
More information about the wp-hackers