Suggestions for using NONCE

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1018
    marios88
    Participant

    Whats your opinion for using nonces in state changing GET requests?

    Wordpress has an nice solution with an intermediate page when the nonce doesn’t validate but its unusable as its integrated into the framework

    Do you have any suggestion for a framework agnostic nonce class, preferably stateless

    #1019
    Sentient_Blade
    Guest

    > Whats your opinion for using nonces in state changing GET requests?

    That you should fix the actual root of the problem rather than trying to cover it up. The only things GET requests should be changing the state for is things like activity logging and de-auth.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.