开发者

A nonce for each function or one for all AJAX calls?

开发者 https://www.devze.com 2023-01-08 11:33 出处:网络
I\'m using nonces as WordPress uses them. It\'s an extra security measure, a hash that is being sent to the server that changes within ever few hours.

I'm using nonces as WordPress uses them. It's an extra security measure, a hash that is being sent to the server that changes within ever few hours.

If that hash is not there, the request is invalidated.

The page I am working on has many AJAX c开发者_如何学JAVAalls (about 20 or so). Right now, I have a difference unique nonce for each one. Is that necessary? Should I just keep it with one generic "AJAX" nonce used for all the requests?


Unless you're doing something funky, there's not much computational overhead in having unique nonces. The added benefit is probably minimal, but I'd say it's worth leaving it the way you have it.

0

精彩评论

暂无评论...
验证码 换一张
取 消