[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
Elliotte Harold
elharo at metalab.unc.edu
Fri Mar 2 15:33:46 GMT 2007
Peter Westwood wrote:
> Yes but if I can convince you to click on a link that takes you to your
> blog's admin then I can just as likely convince you to click on a form
> post button that does the same.
The difference is you don't need to convince me to click on a link. You
can force my browser to follow a link in several ways without any human
intervention. That isn't the case with POST. I brought up the JavaScript
because it had been suggested that could be used to force a POST without
human intervention. I'm not sure that's true but it's worth investigating.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/