Let's say a page is shown to an authenticated user with various deletion links on it. Each link has a nonce. What's to prevent a hacker from having sniffed that connection and gotten the nonce, and then immediately using it to delete a bunc开发者_如何学Ch of data by spoofing the authenticated user and using the nonce?
Nothing. SSL can help a bit by preventing the sniffing. What you are referring to is called Session Sidejacking
http://en.wikipedia.org/wiki/Session_hijacking
I have also desribed here how you can easily sidejack a Facebook Session:
http://madhur.github.com/blog/2011/06/12/facebooksessionhijacking.html
LinkedIn Session:
http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/
The nonce-including links were created by the server, therefore the server knows independently that the nonce it supplied to user Adam is X (it associates the nonce with Adam's session).
If Mallory sniffs the nonce but cannot also highjack Adam's session, then the server will know that such forged requests (associated with Mallory's session and his different nonce Y) are definitely invalid and reject them.
However, the reason for the nonce's presence is not the above because in practice, someone who could sniff the nonce could almost certainly highjack the session as well.
Rather, it makes the "correct" deletion link impossible for Mallory to guess in advance. This means that a successful attack would have to be orchestrated and executed within the time period that Adam's session is valid, which greatly reduces the attack surface from the "I can script this today and Adam might hit my mine in 10 years and it will still work" previous state of affairs.
Encrypted connections / HTTPS?
精彩评论