[wp-trac] [WordPress Trac] #21111: Make nonce unique for users AND non-users
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 29 14:27:10 UTC 2012
#21111: Make nonce unique for users AND non-users
-------------------------+------------------------------
Reporter: sc0ttkclark | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------------
Comment (by nacin):
I don't see how this would work. uniqid() uses the current time in
milliseconds, which means that a nonce generated to be given to the user,
and a nonce generated to be compared to the nonce provided by the user,
will never match.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21111#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list