Information Security
Denis Goncharenko, 2019-03-04 10:34:43

What is the meaning of wp_nonce?

I understand how wp_nonce works: when submitting a form, a token is generated based on some variables:

substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 )

Then, after the form is submitted, the server checks it:

hash_equals( $expected, $nonce );

But damn it, what's the point? What if we can look at the token generated in the form and submit it along with our own "fake" form and data? In theory, these tokens should be single-use; in WordPress, as far as I understood from the code, they are not single-use but simply valid for some period of time. But even if you make them single-use, you can just open the form, look at the token, not send the original form, and instead send the one you want with the current token, so it is still used only once. Am I missing something?
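What the two quoted lines do end to end, as an added example that is not WordPress code: a Python model of the nonce with the same `tick|action|uid|session_token` input, the same `substr(…, -12, 10)` truncation, and the same two-tick acceptance window that `wp_verify_nonce()` uses (current tick or the previous one, which is why a nonce is valid for a while rather than once). HMAC-SHA256 over a constructed salt stands in for `wp_hash()`, and the user id, action and session tokens are constructed values, all assumptions for the demo. The scenario shows what the token actually binds to: the same nonce still verifies on a second submission (it is not a replay guard), but it fails for a different action, and it cannot be computed by anyone who does not hold the victim's own session token, which is what a cross-site page has no way to read.

```python
import hashlib
import hmac
import math
import time

# Constructed secret standing in for WordPress's salted wp_hash() key (assumption).
NONCE_SALT = b"constructed-nonce-salt-for-demo"
NONCE_LIFE = 24 * 60 * 60  # WordPress default lifespan: one day, split into two ticks


def nonce_tick(now, life=NONCE_LIFE):
    """Same scheme as wp_nonce_tick(): ceil(time / (life / 2)), so a lifespan is two ticks."""
    return math.ceil(now / (life / 2))


def wp_hash(data):
    # Keyed hash in place of wp_hash($data, 'nonce'); HMAC-SHA256 is an assumption here.
    return hmac.new(NONCE_SALT, data.encode(), hashlib.sha256).hexdigest()


def _nonce_for_tick(tick, action, uid, session_token):
    # substr(wp_hash($i . '|' . $action . '|' . $uid . '|' . $token), -12, 10) == [-12:-2]
    return wp_hash(f"{tick}|{action}|{uid}|{session_token}")[-12:-2]


def create_nonce(action, uid, session_token, now=None):
    """Token the server embeds in the form for this user, this action, this session."""
    now = time.time() if now is None else now
    return _nonce_for_tick(nonce_tick(now), action, uid, session_token)


def verify_nonce(nonce, action, uid, session_token, now=None):
    """wp_verify_nonce() convention: 1 = made this tick, 2 = previous tick, 0 = invalid."""
    now = time.time() if now is None else now
    i = nonce_tick(now)
    for age, tick in ((1, i), (2, i - 1)):
        expected = _nonce_for_tick(tick, action, uid, session_token)
        if hmac.compare_digest(expected, nonce):  # constant-time, like hash_equals()
            return age
    return 0


def demo():
    """Constructed scenario: Alice (uid 7) gets a nonce for deleting post 42."""
    t0 = 1_700_000_000.0
    alice_token = "alice-session-token"      # constructed; only Alice's browser holds this
    mallory_token = "mallory-session-token"  # constructed; what a cross-site attacker has
    action, uid = "delete-post_42", 7
    n = create_nonce(action, uid, alice_token, t0)
    return {
        # Genuine submission, and the same nonce submitted again: both accepted.
        "genuine": verify_nonce(n, action, uid, alice_token, t0),
        "replayed": verify_nonce(n, action, uid, alice_token, t0),
        # Alice's nonce does not carry over to a different action.
        "wrong_action": verify_nonce(n, "delete-post_43", uid, alice_token, t0),
        # A nonce computed without Alice's session token never matches hers.
        "forged_by_mallory": verify_nonce(
            create_nonce(action, uid, mallory_token, t0), action, uid, alice_token, t0),
        # Half a lifespan later it is in the previous tick: still accepted, age 2.
        "next_tick": verify_nonce(n, action, uid, alice_token, t0 + NONCE_LIFE / 2),
        # A full lifespan later both ticks have rolled past it: rejected.
        "expired": verify_nonce(n, action, uid, alice_token, t0 + NONCE_LIFE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>18}: {result}")
```

The `forged_by_mallory` case is the one that matters for the question: the attacker can build a page that posts the right fields to the right URL in Alice's browser, but the nonce field it needs is a keyed hash over Alice's session token, which the attacker's origin cannot read, so the only thing the attacker can put there is a token bound to a different session, and that fails the check.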
