akismet: sending session cookies
This is effectively a backdoor.
It was bought up on the askimet mailing list that there was a problem but matt said the contents of $_SERVER were useful.
As it is included by default I just thought people should know that it sends all the cookies for your whole domain (i.e. if you are logged into another application on your domain and make a comment on your blog it will send these too ).
Matt I strongly suggest you don’t send cookies to Akismet.com. As Dirk Haun wrote on the akismet mailing list there are privacy and security implications.
- The topic ‘akismet: sending session cookies’ is closed to new replies.