HTTP authentication, request received in quick succession

开发者 https://www.devze.com 2023-03-17 02:21 Source: Internet

HTTP requests may be received in quick succession. To avoid re-running the whole protocol for each request, the server nonce may be re-used (timestamp for nonce to determine the window in which client requests are valid) by the client for multiple requests.

What are pros and cons using this method?


The pros of re-using a nonce are that it takes fewer resources to maintain and check valid nonces and can avoid authentication failures for pipelined requests:

[…] the method chosen for generating and checking the nonce also has performance and resource implications. For example, a server may choose to allow each nonce value to be used only once by maintaining a record of whether or not each recently issued nonce has been returned and sending a next-nonce directive in the Authentication-Info header field of every response. This protects against even an immediate replay attack, but has a high cost checking nonce values, and perhaps more important will cause authentication failures for any pipelined requests (presumably returning a stale nonce indication).

However, the cons are that replay attacks are more probable than with one-time nonces:

For applications where no possibility of replay attack can be tolerated the server can use one-time nonce values which will not be honored for a second use. This requires the overhead of the server remembering which nonce values have been used until the nonce time-stamp (and hence the digest built with it) has expired, but it effectively protects against replay attacks.
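
The trade-off described above, as an added example that is not part of the original answer: a server-side nonce check that can run in either mode, fed two pipelined requests and one late request with the same nonce. The class name, the HMAC-SHA256 nonce layout, the 30-second window and the demo key are assumptions made for illustration, and the Digest response hash itself is left out.

```python
import hashlib
import hmac
import secrets


class NonceIssuer:
    """Timestamped nonces: reusable within a window, or one-time (hypothetical helper)."""

    def __init__(self, window=30, one_time=False, key=None):
        self.window = window                        # seconds a nonce stays valid
        self.one_time = one_time                    # True: honour each nonce only once
        self.key = key or secrets.token_bytes(32)   # server-private key
        self.used = {}                              # nonce -> expiry (one-time mode only)

    def _mac(self, ts_s, salt):
        return hmac.new(self.key, f"{ts_s}:{salt}".encode(), hashlib.sha256).hexdigest()

    def issue(self, now):
        ts_s, salt = str(int(now)), secrets.token_hex(8)
        return f"{ts_s}:{salt}:{self._mac(ts_s, salt)}"

    def check(self, nonce, now):
        """Return 'ok', 'stale', 'replayed' or 'invalid'."""
        try:
            ts_s, salt, mac = nonce.split(":")
            ts = int(ts_s)
        except ValueError:
            return "invalid"
        if not hmac.compare_digest(mac.encode(), self._mac(ts_s, salt).encode()):
            return "invalid"                        # not issued by this server
        if now - ts > self.window:
            return "stale"                          # client must retry with a fresh nonce
        if self.one_time:
            # Forget entries only once their timestamp window has fully passed.
            self.used = {n: exp for n, exp in self.used.items() if exp >= now}
            if nonce in self.used:
                return "replayed"
            self.used[nonce] = ts + self.window
        return "ok"


def demo():
    """Constructed scenario: two pipelined requests, then one after the window."""
    out = {}
    for mode in (False, True):
        srv = NonceIssuer(window=30, one_time=mode, key=b"constructed-demo-key")
        n = srv.issue(now=1000)
        out[mode] = [srv.check(n, 1001), srv.check(n, 1002), srv.check(n, 1040)]
    return out
```

In reusable mode the second pipelined request is accepted, and so would be a captured copy of it sent inside the window; in one-time mode the same second request is rejected, which is the pipelining failure the quoted text mentions.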
