[wp-trac] [WordPress Trac] #10975: comment form nonce
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 19 22:07:25 UTC 2009
#10975: comment form nonce
-------------------------+--------------------------------------------------
Reporter: tellyworth | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version:
Severity: normal | Keywords: has-patch, dev-feedback
-------------------------+--------------------------------------------------
Changes (by johnbillion):
* keywords: has-patch => has-patch, dev-feedback
Comment:
I don't see what this solves. I assume it's attempting to prevent
automated commenting by bots. The nonce will be identical for every non-
logged in visitor so it'll be very easy for an automated comment bot to
get this nonce and use it in its requests, and then we're back to square
one.
Scribu: yes they can.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10975#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
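
The point made in the comment above, as an added example that is not part of the original message and is not WordPress core code: a simplified model of a form nonce computed from a time tick, an action and a user id, assuming every logged-out visitor has user id 0. The secret, action name, timestamp, lifetime and the `visitor_token` parameter are constructed for illustration.

```php
<?php
// Simplified model of a time-windowed form nonce. NOT WordPress core code.
// Assumption: the nonce is an HMAC over (time tick, action, user id) and
// every logged-out visitor is user id 0.

const SECRET   = 'constructed-site-secret'; // constructed sample value
const LIFETIME = 86400;                     // assumed validity window, seconds

function nonce_tick(int $now): int {
    // The tick changes once per half lifetime, so a nonce is stable within it.
    return (int) ceil($now / (LIFETIME / 2));
}

function make_nonce(string $action, int $uid, int $now, string $visitor_token = ''): string {
    // $visitor_token is a hypothetical per-visitor value (e.g. from a cookie).
    $data = nonce_tick($now) . '|' . $action . '|' . $uid . '|' . $visitor_token;
    return substr(hash_hmac('sha256', $data, SECRET), -12, 10);
}

function check_nonce(string $nonce, string $action, int $uid, int $now, string $visitor_token = ''): bool {
    // Accept a nonce from the current tick or the previous one.
    foreach ([0, LIFETIME / 2] as $age) {
        $expected = make_nonce($action, $uid, $now - $age, $visitor_token);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

$now    = 1255990045;        // constructed timestamp
$action = 'comment_post_42'; // hypothetical action name

// Two different logged-out visitors and one logged-in user, same form.
$anon_a = make_nonce($action, 0, $now);
$anon_b = make_nonce($action, 0, $now);
$member = make_nonce($action, 7, $now);
printf("anonymous A == anonymous B: %s\n", var_export($anon_a === $anon_b, true));
printf("anonymous A == member:      %s\n", var_export($anon_a === $member, true));

// The same two visitors when the nonce is also bound to a per-visitor token.
$bound_a = make_nonce($action, 0, $now, 'token-A');
$bound_b = make_nonce($action, 0, $now, 'token-B');
printf("bound A == bound B:         %s\n", var_export($bound_a === $bound_b, true));
printf("A's nonce accepted for B:   %s\n",
    var_export(check_nonce($bound_a, $action, 0, $now, 'token-B'), true));
```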