[wp-hackers] Security at Wordpress
Ryan Duff
ryan at ryanduff.net
Mon Apr 24 12:57:39 GMT 2006
Andy Skelton wrote:
> On 4/24/06, Andrew Krespanis <leftjustified at gmail.com> opined:
>> Looks fine :)
>
> Not bad at all.
>
> Still, if you removed the ability to do everything via GET, how am I
> going to approve comments from my email with a single click, assuming
> I don't allow HTML in my emails? I think that's the actual bar. It may
> be unreasonable from a pure security standpoint but the convenience is
> more routinely visible than the security.
>
> If you only moved certain actions (e.g. delete post) out of the GET
> domain while leaving others alone (e.g. comment moderation) you'd
> probably have more luck getting your code committed.
>
> Andy

What about a hash appended to the link that is generated when the email
is sent? To delete it via a single click it would require the hash to
match. The other POST method could be used in the admin interface for
security there.

The only person that would get the hash would be the email recipient,
removing the risk of anybody being able to craft a link and cause you to
delete something with a single click.
--
Ryan Duff
http://ryanduff.net
AIM: ryancduff
irc.freenode.net #wordpress #plogger
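
The hash-in-the-link idea from the message above, as an added PHP example; it is not code from the original post or from WordPress. The function names, the secret, the URL and the expiry window are assumptions made for illustration, and the expiry goes one step beyond what the message proposes.

```php
<?php
// Added example: one-click moderation link protected by a keyed hash.
// All names and values below are hypothetical.
const LINK_SECRET = 'constructed-demo-secret'; // assumption: random per-site secret
const LINK_TTL    = 172800;                    // assumption: links valid for 48 hours

// The hash covers the action, the target and the expiry, so a link for
// "approve 12" cannot be edited into "delete 12" or "approve 13".
function action_hash(string $action, int $comment_id, int $expires): string
{
    return hash_hmac('sha256', "$action|$comment_id|$expires", LINK_SECRET);
}

// Called when the notification email is generated.
function build_action_link(string $base, string $action, int $comment_id, int $now): string
{
    $expires = $now + LINK_TTL;
    return $base . '?' . http_build_query([
        'action' => $action,
        'c'      => $comment_id,
        'exp'    => $expires,
        'hash'   => action_hash($action, $comment_id, $expires),
    ]);
}

// Called by the GET handler before it performs the action.
function verify_action_link(array $query, int $now): bool
{
    foreach (['action', 'c', 'exp', 'hash'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false; // missing field, or an array smuggled in via c[]=
        }
    }
    if (!ctype_digit($query['c']) || !ctype_digit($query['exp'])) {
        return false;
    }
    if ((int) $query['exp'] < $now) {
        return false; // link has expired
    }
    $expected = action_hash($query['action'], (int) $query['c'], (int) $query['exp']);
    return hash_equals($expected, $query['hash']); // constant-time comparison
}

// Constructed demo: a genuine link, then the same link with the target changed.
$now  = 1145883459; // constructed fixed timestamp
$link = build_action_link('https://blog.example/moderate.php', 'delete', 12, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify_action_link($q, $now));
$q['c'] = '13';
var_dump(verify_action_link($q, $now));
```

The hash stops a third party from crafting a working link, but anyone who can read the email can use the link it contains.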