[wp-hackers] Rethinking check_admin_referer()
Brian Layman
Brian at TheCodeCave.com
Sat Apr 22 04:18:59 GMT 2006
Sam:
>If that's the case then I apologize for wasting everyone's time. In the
>nonce.2.diff patch on trac, it's this:
>md5($end . DB_PASS . $action . $uid);
>I don't see a user password there.
You, sir, are correct. I saw what I wanted to see. That's not the
hashed UserPW, but the user ID. The hashed PW would be more secure of
course, but the DB_Password will still be a difficult item to guess at.
Is there anyone here that was assigned a simple single word MySQL DB
password by their shared server host?
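The construction quoted above, md5($end . DB_PASS . $action . $uid), written out as a small Python model of nonce creation and verification. This is an added illustration, not Brian's code and not the nonce.2.diff patch itself; the DB_PASS value, the twelve-hour tick length, the "accept the previous tick too" grace rule and the function names are assumptions made here so the example runs on its own.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the DB_PASS constant from wp-config (not a real secret).
DB_PASS = "example-db-password-placeholder"

# Assumption: a nonce is valid for a time bucket, not an exact second.
NONCE_LIFETIME = 12 * 60 * 60  # seconds


def nonce_tick(now=None):
    """Return the '$end' value: the index of the bucket the current time falls in."""
    now = time.time() if now is None else now
    return int(now // NONCE_LIFETIME) + 1


def create_nonce(action, uid, secret=DB_PASS, now=None):
    """md5($end . DB_PASS . $action . $uid), as in the quoted patch."""
    end = nonce_tick(now)
    material = f"{end}{secret}{action}{uid}".encode()
    return hashlib.md5(material).hexdigest()


def verify_nonce(nonce, action, uid, secret=DB_PASS, now=None):
    """Recompute the nonce for the current bucket and the previous one (grace
    period, an assumption here) and compare in constant time.  Any change to
    action, uid, secret or an expired bucket makes the check fail."""
    end = nonce_tick(now)
    for candidate_end in (end, end - 1):
        material = f"{candidate_end}{secret}{action}{uid}".encode()
        expected = hashlib.md5(material).hexdigest()
        if hmac.compare_digest(nonce, expected):
            return True
    return False


if __name__ == "__main__":
    t = 1_000_000  # constructed timestamp so the run is reproducible
    n = create_nonce("delete-post_42", 7, now=t)
    print("nonce:", n)
    print("same action/user:", verify_nonce(n, "delete-post_42", 7, now=t))
    print("other user:", verify_nonce(n, "delete-post_42", 8, now=t))
    print("two ticks later:", verify_nonce(n, "delete-post_42", 7, now=t + 2 * NONCE_LIFETIME))
```

The model makes the point of the thread concrete: the only secret input is DB_PASS, so the nonce is exactly as strong as that one value, and the action string and user ID merely scope it. The uid is a public identifier, which is why the thread notes a hashed password would add more entropy. Later WordPress releases moved nonce hashing onto wp_hash() with dedicated NONCE_KEY and NONCE_SALT constants, which is the direction this example would take if it were hardened: a key that exists only for this purpose, rather than one shared with the database login.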