© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
Because of https, we don't have to worry about replay attack for now.
But it's true that this implementation is terrible.
We should:
1- Rename the ensureNonce() method to checkNonceAndTi
2- Look for the nonce using both nonce and timestamp. If there is one, we reject the request because that's not allowed.
3- Look at the latest timestamp/nonce for the request and only allow it if the timestamp is within our window of that last timestamp received. (We allow the window because of pipelining). So we deviate from the spec here.
4- The rationale for this deviation should be explained in way that doesn't make you puzzled for half an hour.
5 (optional) clear out old nonce information. With the above logic that's only to save on cruft, because it's not needed per-se.