The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
From: Mark Jaquith <mark.wordpr...@txfx.net>
Date: Sun, 23 Sep 2007 13:48:34 -0400
Local: Sun, Sep 23 2007 1:48 pm
Subject: Re: [wp-hackers] Plugin update & security / privacy
On Sep 23, 2007, at 5:35 AM, Moritz 'Morty' Strübe wrote:
> I know this will not change until Monday, but is it really I don't know, but I'm trying to find out. It seems unnecessary to > necessary to > transmit the URL? Wouldn't the md5 of the URL do? I know it's easy to > find WP-Blogs via google. But imagine have them all nicely in a > database > - All of them. Including version, plugins and so on. If that database > gets public and you find a security bug in one of the plugins - there > are enough - you can start a _very_ effective attack! > -> update.php:85 $http_request .= 'User-Agent: WordPress/' . me. And it definitely works without it (or with a different -- anonymous -- string). Matt wrote that code, so I'll try to get a hold of him today. -- Covered Web Services WordPress Ninja @ b5media Inc _______________________________________________ You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||