[wp-hackers] Moved from BlogWare to WordPress - Need Help
Sean Hickey
seanhickey at gmail.com
Sat May 20 10:56:35 GMT 2006

> Absolutely. The referer is just one of many pieces of evidence a website
> has to authorise a request, but it is a major one. It is a check I might
> relax upon demand ("behind a proxy? no worries! here's another way.")
> and certainly not one I would give up by default. I like to have a front
> door even though I know locks can be picked.

Good points, Paul. My main reason for giving up referring checks is
because they backfire. I've used them on client websites before, and
when customers started complaining that they couldn't submit forms, I
stopped using them.

> Mark has answered your other questions. The wp_update_post() thing is
> just best practice. If the function already exists, use it. If the
> function doesn't already exist, find it. :)

Oh, grep has become my best friend when it comes to WordPress. :) In
the future I would certainly appreciate it if someone would drop me a
line when they have issues like this with one of my plugins. It's
kinda lousy to find out through a person, through another person,
through yet another person, that someone is saying don't use the
plugin. That just means a legitimate security hole in the plugin
goes unnoticed by me for that much longer. I usually make an attempt
to notify the developer if I find a security hole in the software, and
I've sent emails to the WP devs before because of security holes.
- Sean
--
http://www.headzoo.com