Add NONCE and Permission validation to ajax calls


insecurity is lame y'all.

Details

Id: 49272b7fe2ff532b38f748d1809f910937c663d4
Type: feature
Creation time: 2011-12-29 16:25 UTC
Creator: Matt Katz <ditz@...>
Release: 0.2 Wordpress integration (unreleased)
Component: Orbital
Status: closed: fixed

Issue log

2014-10-30 01:29 UTC Matt Katz <ditz@...> closed with disposition fixed
this could be done better, but I want to make sure I have something in there.
2014-10-28 11:58 UTC Matt Katz <ditz@...> changed status from unstarted to in_progress
2012-07-17 22:32 UTC Matt Katz <ditz@...> assigned to release 0.2 Wordpress integration from 0.1 - Feeds, Subscribed
it's alpha. this can wait till we get some testing. hope this doesn't bite me in the ass.
2012-02-17 12:20 UTC Matt Katz <ditz@...> commented
Ok - so looks like we should add a nonce per ACTION. That way we can be sure the user is performing the action they intend. Also hearing that WordPress lets you use a nonce more than once, which is confusing.
2012-01-05 22:13 UTC Matt Katz <ditz@...> assigned to release 0.1 - Feeds, Subscribed from unassigned
2011-12-29 16:25 UTC Matt Katz <ditz@...> created
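
Added example, not part of the issue log and not Orbital's own code: a sketch of the nonce-per-action plus permission check the 2012-02-17 comment describes, using standard WordPress functions. The action names, capabilities, script handle and `feed_id` parameter are hypothetical. A WordPress nonce is a time-limited token bound to the user and the action name, not a single-use value, so it stays valid for repeat requests until it expires.

```php
<?php
// Added example. Action names, capabilities, the script handle/path and
// the feed_id parameter are hypothetical, not taken from Orbital.

// Map each AJAX action to the capability it requires.
function example_ajax_actions() {
    return array(
        'example_mark_read'   => 'read',
        'example_unsubscribe' => 'edit_posts',
    );
}

// Hand the browser one nonce per action, each bound to that action name.
add_action( 'wp_enqueue_scripts', function () {
    $nonces = array();
    foreach ( array_keys( example_ajax_actions() ) as $action ) {
        $nonces[ $action ] = wp_create_nonce( $action );
    }
    wp_enqueue_script( 'example-reader', plugins_url( 'reader.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-reader', 'ExampleAjax', array(
        'url'    => admin_url( 'admin-ajax.php' ),
        'nonces' => $nonces,
    ) );
} );

// Register only wp_ajax_* hooks (logged-in users); no wp_ajax_nopriv_*.
foreach ( example_ajax_actions() as $action => $capability ) {
    add_action( 'wp_ajax_' . $action, function () use ( $action, $capability ) {
        // 1. Nonce check: fails if the nonce was issued for a different
        //    action or user, or has expired.
        if ( ! check_ajax_referer( $action, 'nonce', false ) ) {
            wp_send_json_error( array( 'message' => 'Bad or expired nonce.' ), 403 );
        }
        // 2. Permission check: a valid nonce shows intent, not authorisation.
        if ( ! current_user_can( $capability ) ) {
            wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
        }
        // 3. Validate input before it is used.
        $feed_id = isset( $_POST['feed_id'] ) ? absint( $_POST['feed_id'] ) : 0;
        if ( 0 === $feed_id ) {
            wp_send_json_error( array( 'message' => 'Missing feed_id.' ), 400 );
        }
        // All checks passed; the action's own work on $feed_id runs here.
        wp_send_json_success( array( 'action' => $action, 'feed_id' => $feed_id ) );
    } );
}
```

The client sends `ExampleAjax.nonces[action]` as the `nonce` POST field alongside `action`, so a nonce captured for one action is rejected when replayed against another.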