Provide utility nonce functions for plugin framework #1202

Closed
robocoder opened this issue Mar 13, 2010 · 3 comments
Labels: Enhancement

@robocoder
Contributor

getNonce(), verifyNonce()

  • use Zend_Session_Namespace() to store session-dependent nonce, and use its built-in capability to expire entries
  • a criticism of some implementations is the reliance on a predictable input to the hash function (e.g., time() or non-private constants, e.g., user name) and/or low entropy (e.g., a single pseudo-random number generated value)
  • a more robust defense should incorporate referrer checking
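
A sketch of the getNonce()/verifyNonce() pair proposed in the comment above, added here as an illustration and not the code committed in [1914] or [1919]. It assumes a plain array standing in for the Zend_Session_Namespace storage, a 300-second lifetime, and a hypothetical `$expectedHost` parameter for the referrer check.

```php
<?php
// Added example, not Piwik's implementation. $store stands in for the
// session namespace (assumption); pass $_SESSION or an equivalent array.

function getNonce(array &$store, string $id, int $ttl = 300): string
{
    $now = time();
    // Reuse a live nonce so a reload keeps an open form valid (example's choice).
    if (isset($store[$id]) && $store[$id]['expires'] > $now) {
        return $store[$id]['nonce'];
    }
    // 128 bits from the OS CSPRNG: nothing derived from time() or a user name.
    $nonce = bin2hex(random_bytes(16));
    $store[$id] = ['nonce' => $nonce, 'expires' => $now + $ttl];
    return $nonce;
}

function verifyNonce(array &$store, string $id, string $candidate,
                     ?string $referrer, string $expectedHost): bool
{
    $entry = $store[$id] ?? null;
    if ($entry === null) {
        return false;                      // never issued for this session
    }
    if ($entry['expires'] <= time()) {
        unset($store[$id]);                // expired: drop the entry
        return false;
    }
    // Constant-time comparison avoids leaking how many characters matched.
    if (!hash_equals($entry['nonce'], $candidate)) {
        return false;
    }
    // Referrer check as a second layer: when the header is present it must
    // name our own host. An absent header is tolerated here (assumption),
    // since some clients strip it.
    if ($referrer !== null && $referrer !== '') {
        $host = parse_url($referrer, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $expectedHost) !== 0) {
            return false;
        }
    }
    return true;
}

// Constructed usage: one session, one form, same-host then foreign referrer.
$session = [];
$token = getNonce($session, 'Login.form');
var_dump(verifyNonce($session, 'Login.form', $token, 'https://stats.example.org/index.php', 'stats.example.org'));
var_dump(verifyNonce($session, 'Login.form', $token, 'https://other.example.net/', 'stats.example.org'));
```
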
@robocoder
Contributor Author

(In [1915]) refs #1202 - example of using nonce

@robocoder
Contributor Author

[1914] fixes #1202 - provide utility nonce functions for plugin framework

@robocoder
Contributor Author

(In [1919]) refs #1202 - add comments and tweak algorithm

@robocoder robocoder added this to the Piwik 0.5.5 milestone Jul 8, 2014
@robocoder robocoder self-assigned this Jul 8, 2014
This issue was closed.