[wp-hackers] Rethinking check_admin_referer()

Brian Layman Brian at TheCodeCave.com
Fri Apr 21 21:57:23 GMT 2006


Owen boasted:
>Interested parties should review this ticket:
>http://trac.wordpress.org/ticket/2678
>Owen

This is a very good solution, Owen.

It has several very good things going for it:
1. The nonce is generated with information that never reaches the client
side. (Use of the PW was clever, Owen; my per-user daily random number was
overkill.)
2. The nonce is time dependent. Therefore, there is only a small window for
it to be stolen and used.
3. Equally importantly, the nonce is action specific. Therefore, any
vulnerability can only be exploited when the admin user has just done that
action once.

Everything I was trying to achieve in the outline here:
http://comox.textdrive.com/pipermail/wp-hackers/2006-April/005797.html

I'll reread the whole patch later tonight, but it looks like you've hit the
mark pretty squarely.

I know nothing of the trac system you all use or where to get the nightly
builds. I frankly never wanted to know before.

Is there a place where I can grab the code with those changes in it?
Frankly that diff file was a royal pain to read.
Is there software that I should have that generates/reads those?  Could you
give me a quick rundown on that or point me to a link that describes that
whole side of the WP world?
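Worked example, added here and not taken from the ticket, the patch, or anyone on the thread: a nonce scheme with the three properties listed in the message above (server-side secret that never reaches the client, time dependence, action binding). It is written in Python rather than PHP so it can be run directly; the function names, the per-user password hash standing in for the server-side secret, the 12-hour tick with a two-tick grace period, and the sample user table are all assumptions of this example, not WordPress's actual implementation.

```python
"""Added example: an action-specific, time-windowed nonce keyed by a
server-side secret. Hypothetical design, not the WordPress patch itself."""
import hashlib
import hmac

# Assumption: each "tick" is 12 hours and a nonce is accepted for the current
# and the previous tick, so it lives for at most 24 hours.
TICK_SECONDS = 12 * 60 * 60
NONCE_LEN = 16

# Constructed sample data: stored password hashes act as the per-user secret
# that never leaves the server (the message's point 1).
USERS = {
    1: "$P$Bconstructed_hash_for_alice",
    2: "$P$Bconstructed_hash_for_bob",
}


def _tick(now: int) -> int:
    """Map a Unix timestamp to its 12-hour tick (the message's point 2)."""
    return now // TICK_SECONDS


def _digest(tick: int, action: str, user_id: int) -> str:
    """HMAC over tick|action|user so the nonce is bound to one action and one
    user (the message's point 3), keyed by the user's server-side secret."""
    secret = USERS[user_id].encode()
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:NONCE_LEN]


def create_nonce(action: str, user_id: int, now: int) -> str:
    """Nonce to embed in a form or link for `action` on behalf of `user_id`."""
    return _digest(_tick(now), action, user_id)


def verify_nonce(nonce: str, action: str, user_id: int, now: int) -> int:
    """Return 1 if the nonce is from the current tick, 2 if from the previous
    tick (grace period), 0 if it is for another action/user or has expired."""
    if user_id not in USERS or len(nonce) != NONCE_LEN or not nonce.isascii():
        return 0
    tick = _tick(now)
    if hmac.compare_digest(nonce, _digest(tick, action, user_id)):
        return 1
    if hmac.compare_digest(nonce, _digest(tick - 1, action, user_id)):
        return 2
    return 0


if __name__ == "__main__":
    t0 = 100 * TICK_SECONDS + 5          # constructed "now", inside tick 100
    n = create_nonce("delete-post_7", 1, t0)
    print("same action/user, same tick:", verify_nonce(n, "delete-post_7", 1, t0))
    print("next tick (grace):          ", verify_nonce(n, "delete-post_7", 1, t0 + TICK_SECONDS))
    print("two ticks later (expired):  ", verify_nonce(n, "delete-post_7", 1, t0 + 2 * TICK_SECONDS))
    print("different action:           ", verify_nonce(n, "delete-post_8", 1, t0))
    print("different user:             ", verify_nonce(n, "delete-post_7", 2, t0))
```

Because the key is the stored password hash, a stolen nonce is useless for any other action or user, becomes invalid within at most two ticks, and is also invalidated the moment the user changes their password; the client only ever sees the truncated HMAC, never the secret or the tick.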



More information about the wp-hackers mailing list