I'm writing a database front end for a website. Next to the records I want to include links like this:

 Record 1 - [Add][1] [Edit][2] [Delete][3]

But I want to protect these links from being used more than once. My thinking is to pass a hash value then store a list of valid HASH values in a table somewhere and only process requests with valid hash values. Is there a better way to do this?

Update: The answer to this question led me to ask this question: http://stackoverflow.com/questions/3221710/what-is-the-difference-between-a-nonce-and-a-guid. Why exactly would you use a nonce instead of a GUID?

+2  A: 

Your idea is correct, except that you should use cryptographically secure random bytes (a "nonce") instead of a hash.

SLaks
I'm hoping to find some method that would allow me to determine whether this was a first-time request without hitting the database. That would help protect from DoS attacks as well.
Michael Shnitzer
I've read a little more about the "nonce" value. Is it really the same idea as using a hash, but using the nonce value as the hash? For example, if I created GUID values using the Perl Data::GUID module and used those for hash values, would that be a "nonce"?
Michael Shnitzer
The point of the nonce is to be unpredictable. If you use a hash, you should use a keyed HMAC SHA 512 hash with a random key, and you should change the key frequently.
SLaks
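
An added example, not code from any of the posts above: a single-use link token that combines the random nonce from the answer with the keyed HMAC-SHA-512 mentioned in the last comment, so forged tokens are rejected before the token store is consulted. The function names, the `nonce.tag` token layout and the in-memory set standing in for the database table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one random server-side key; the comment above advises changing it frequently.
KEY = secrets.token_bytes(64)

# Stand-in for the database table of outstanding tokens (hypothetical name).
# With a real database, consume a token with one atomic DELETE and check the row count.
_outstanding = set()


def _mac(action: str, record_id: int, nonce: str) -> bytes:
    # Bind the tag to the action and record so a token for "edit" cannot be used for "delete".
    # action is a server-chosen constant, so the "|" separator cannot be ambiguous.
    msg = f"{action}|{record_id}|{nonce}".encode()
    return hmac.new(KEY, msg, hashlib.sha512).hexdigest().encode()


def issue_token(action: str, record_id: int) -> str:
    """Create a single-use token for one action on one record."""
    nonce = secrets.token_urlsafe(32)  # CSPRNG output; never contains "."
    _outstanding.add(nonce)
    return f"{nonce}.{_mac(action, record_id, nonce).decode()}"


def redeem_token(token: str, action: str, record_id: int) -> bool:
    """Return True exactly once for a valid token, False in every other case."""
    nonce, sep, tag = token.partition(".")
    if not sep:
        return False
    # Stateless check first: a forged or altered token fails here without a store lookup.
    if not hmac.compare_digest(tag.encode(), _mac(action, record_id, nonce)):
        return False
    # Stateful check: the nonce must still be outstanding; removing it makes a replay fail.
    try:
        _outstanding.remove(nonce)
    except KeyError:
        return False
    return True
```

The HMAC check only filters out tokens the server never issued; telling a first use from a replay still needs the stored nonce.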