#328: Consider adding support for nonces
-------------------------+--------------------------------------------------
Reporter: david | Owner: david
Type: enhancement | Status: new
Priority: low | Milestone: 1.1
Component: _OTHER_ | Version:
Severity: major | Resolution:
Keywords: | Has_patch: 0
-------------------------+--------------------------------------------------
Comment (by david):
More ideas:
* force timeout values for nonces
* allow binding of tokens to actions?
* what happens if a nonce doesn't exist in the session?
   * {{{SecureAction}}}, I'd say
* what happens on a timeout?
   * {{{SecureAction}}}, unless you've given corresponding info. example:
     {{{$this->createNonce(120, $this->createExecutionContainer('SameModule',
     'SameAction', null, null, 'read'));}}} (assuming #667 is implemented
     already). this would then redirect to the same page, but with {{{read}}}
     as request method. essentially, it shows the form again
* any way to tie it into validation?
* how do we even know the action requires a nonce?
--
Ticket URL: <http://trac.agavi.org/ticket/328#comment:5>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5
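
Added example, not Agavi code and not part of the ticket: one way a session-stored nonce could carry a forced timeout and an action binding, reporting missing, expired and mismatched nonces as distinct results so the caller can choose a response for each. `NonceStore` and its methods are hypothetical names; the code assumes PHP 7.1+ and uses a plain array in place of the session.

```php
<?php
// Added example, not Agavi code. NonceStore and its method names are
// hypothetical; $session stands in for $_SESSION. Requires PHP 7.1+.
final class NonceStore
{
    const OK = 'ok';
    const MISSING = 'missing';           // not in the session (or already used)
    const EXPIRED = 'expired';           // forced timeout has passed
    const WRONG_ACTION = 'wrong_action'; // issued for a different module/action
    private $session;
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }
    // Issue a nonce that always carries a timeout and is bound to one action.
    public function create(int $ttl, string $module, string $action, ?int $now = null): string
    {
        $nonce = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
        $this->session['nonces'][$nonce] = [
            'expires' => ($now ?? time()) + $ttl,
            'bound'   => [$module, $action],
        ];
        return $nonce;
    }
    // Validate a submitted nonce and consume it, whatever the outcome.
    public function consume(string $submitted, string $module, string $action, ?int $now = null): string
    {
        if (!isset($this->session['nonces'][$submitted])) {
            return self::MISSING;
        }
        $entry = $this->session['nonces'][$submitted];
        unset($this->session['nonces'][$submitted]); // single use
        if (($now ?? time()) > $entry['expires']) {
            return self::EXPIRED;
        }
        return $entry['bound'] === [$module, $action] ? self::OK : self::WRONG_ACTION;
    }
}

// Constructed demo (timestamps are made up): 120 second nonces for one action.
$session = [];
$store = new NonceStore($session);
$a = $store->create(120, 'SameModule', 'SameAction', 1000);
$b = $store->create(120, 'SameModule', 'SameAction', 1000);
$c = $store->create(120, 'SameModule', 'SameAction', 1000);
echo $store->consume($a, 'SameModule', 'SameAction', 1030), "\n";   // in time
echo $store->consume($a, 'SameModule', 'SameAction', 1031), "\n";   // replayed
echo $store->consume($b, 'SameModule', 'SameAction', 1121), "\n";   // past timeout
echo $store->consume($c, 'OtherModule', 'OtherAction', 1001), "\n"; // other action
```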