A nonce for each function or one for all AJAX calls? | ansaurus

tags:

views:

106

answers:

1

+1 Q:

A nonce for each function or one for all AJAX calls?

I'm using nonces as WordPress uses them. It's an extra security measure, a hash that is being sent to the server that changes within ever few hours.

If that hash is not there, the request is invalidated.

The page I am working on has many AJAX calls (about 20 or so). Right now, I have a difference unique nonce for each one. Is that necessary? Should I just keep it with one generic "AJAX" nonce used for all the requests?

+1 A:

Unless you're doing something funky, there's not much computational overhead in having unique nonces. The added benefit is probably minimal, but I'd say it's worth leaving it the way you have it.

Zach Rattner 2010-08-09 03:20:42

related questions

What JavaScript patterns do you use most?

Javascript events

What style do you use for creating an "class" in JavaScript?

Graphing JavaScript Library

What's the difference in closure style

Getting the text from a drop-down box

How to specify javascript to run when ModalPopupExtender is shown

Length of Javascript Associative Array

How Do I Post and then redirect to an external URL from ASP.Net?

How to set up a CSS switcher in ASP.NET

Wrapping lists into columns

Javascript keyboard events primer? (or rather: help me with my custom dropdown)

Http Auth in a Firefox 3 bookmarklet

Best Debugging Tools for JavaScript/xulrunner Development

How can I turn a string of HTML into a DOM object in a Firefox extension?

Call ASP.NET Function From Javascript?

Javascript troubleshooting tools in IE

MAC addresses in JavaScript

Capturing TAB key in text box

CSS Background Color in Javascript

How can I make the browser see CSS and Javascript changes?

Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?

ASP .Net Custom Client-Side Validation

What JavaScript library would you choose for a new project and why?

Detecting font in JavaScript