Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder bacterozoid's Avatar
    Join Date
    Jun 2002
    Location
    USA
    Posts
    490
    Thanks
    24
    Thanked 35 Times in 35 Posts

    Preventing replay attacks when posting to PHP from JavaScript

    I understand how to prevent replay attacks - your API user sends the current timestamp along with the API request. When I get the request on my server, I check the timestamp...if it's too old, throw away the request.

    This works great if I'm using cURL on my web server or something to post to the API, because I can rely on the server time. How does this work if I want to post to the API directly from JS, though? I can't rely on the client time and I don't want to have to send the server time down from PHP and store it in JS.

    Assume this is all over SSL. Thanks!
    Last edited by bacterozoid; 02-26-2013 at 12:04 PM.

  • #2
    Regular Coder bacterozoid's Avatar
    Join Date
    Jun 2002
    Location
    USA
    Posts
    490
    Thanks
    24
    Thanked 35 Times in 35 Posts


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •