GetSimple Support Forum GetSimple Developer Discussions v
nonce functions

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
nonce functions
Carlos Offline
Posting Freak
*****
Posts: 3,491
Threads: 106
Joined: Mar 2010
#1
2012-10-04, 20:52:06
Most (if not all) plugins that have a backend do not make use of GS get_nonce, check_nonce... functions.
Should they?
Does this make GS+plugins less safe?
Website Find
Reply
shawn_a Offline
Lead Developer
*******
Posts: 6,266
Threads: 181
Joined: Sep 2011
#2
2012-10-04, 21:29:09
I think it would be harder to target a csrf attack on a plugin.
You really have to know your victim has a high probability of having it installed
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Website Find
Reply




Users browsing this thread: 1 Guest(s)