A nonce is supposed to help me first against CSRF; helping against replay attacks is just a bonus if I "personalize" the nonce to something like `pay-user-{id}`. But here's the problem: if my link looked like `/wordpress/admin_ajax.php?action=pay-user&id=20&security=ej3548`, I have 2 cases to take care of:

- I created a nonce without the specific user ID, `pay-user` - if an attacker obtains the nonce, he can make me click that link and pay any user.
- I created a nonce with the specific user ID, `pay-user-{id}` - if an attacker obtains the nonce, he can only make me replay that request, since the nonce was made to verify that specific (to `{id}`) action.

But that's still an issue in a lot of cases; paying someone is a prime example. I can't be made to pay someone else, but if I make that request 10 times, I'll pay that specific person 10 times.
Is there no specific "per request" hashing?
What to do?
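One way to get the per-request behaviour the question asks about, as an added example (not from the question and not WordPress core code): keep the action nonce for CSRF and add a server-side single-use token that is consumed on first use. The `myplugin_` prefix, the 10-minute lifetime and the `myplugin_do_payment()` helper are assumptions.

```php
<?php
// Added example, not from the question or WordPress core. Assumes the AJAX
// action "pay-user" from the question and a hypothetical myplugin_do_payment().

// Issue a single-use token alongside the ordinary action nonce. The nonce
// still covers CSRF; the token, stored server-side and deleted on first use,
// is what makes a replayed request fail.
function myplugin_issue_pay_token( $payee_id ) {
    $token = bin2hex( random_bytes( 16 ) );          // 128 bits of randomness
    // Store only a hash of the token, bound to payer and payee, for 10 minutes.
    set_transient(
        'myplugin_pay_' . hash( 'sha256', $token ),
        array( 'payer' => get_current_user_id(), 'payee' => (int) $payee_id ),
        10 * MINUTE_IN_SECONDS
    );
    return $token;   // embed this in the link/form next to the nonce
}

// Handler for admin-ajax.php?action=pay-user&id=20&security=...&token=...
function myplugin_handle_pay_user() {
    // 1. CSRF: nonce bound to the specific payee, as in the question's second case.
    $payee_id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0;
    check_ajax_referer( 'pay-user-' . $payee_id, 'security' );   // dies on failure

    // 2. Replay: look up the one-time token and remove it before doing anything.
    $token = isset( $_REQUEST['token'] ) ? (string) $_REQUEST['token'] : '';
    $key   = 'myplugin_pay_' . hash( 'sha256', $token );
    $entry = get_transient( $key );
    if ( false === $entry ) {
        wp_send_json_error( 'Token already used or expired', 409 );
    }
    delete_transient( $key );   // consume first, so a second copy of the request finds nothing

    // 3. Bind the token to the request it was issued for.
    if ( $entry['payer'] !== get_current_user_id() || $entry['payee'] !== $payee_id ) {
        wp_send_json_error( 'Token does not match this request', 403 );
    }

    myplugin_do_payment( $entry['payer'], $entry['payee'] );   // hypothetical helper
    wp_send_json_success();
}
add_action( 'wp_ajax_pay-user', 'myplugin_handle_pay_user' );
```

`get_transient()` followed by `delete_transient()` is not atomic, so two copies of the same request arriving at the same instant can both pass; for money movement, record the token (or an idempotency key) on the payment row itself with a unique constraint so the database rejects the second insert.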
Title: ajax - How do I mitigate replay attacks when talking about actions that shouldn't happen twice?
Tags: ajax
Source: http://www.betaflare.com/web/1742388489a2465516.html