Get Satisfaction uses Javascript and cookies.

You'll need to enable Javascript and cookies to log-in and participate.

Know any helpful people?
Email this to a friend
- Your Name:
- Your Email:
- Email to: Enter up to 5 email addresses separated by commas
- Add an optional message
- Optional Message:
  Character limit of 1000 characters
- Or cancel
Twitter this
Share on Facebook
Get a short URL

Share it on these other sites

3 replies made

3 people participating

1 employee helping

Products & Services

Tag this topic

Related topics in OAuth

How does service provider know that a nonce was not used before?

Reply to this question

1 person has this question

I have this question, too! Tell me when someone answers.
The more people who ask this question, the more it gets noticed.

Remove Inappropriate?
Delete or Edit for 15 minutes

ablmf replied on February 26, 2008 04:08

As the nonce is generated by customer, service provider could hardly know if it was used before. And timestamp is not very reliable also.

I think hacker could use repeat attack if his program is fast enough.

this answers the question

Add a comment This answers the question
EMPLOYEE

Remove Inappropriate?
Delete or Edit for 15 minutes

Chris Messina, Official Rep, replied on February 26, 2008 04:10

Not really... it's up to the service provider to store the nonces and timestamps. There's certainly a scaling requirement, but if you want to be secure, you'll have to do it.

Search the mailing list for more on this topic.

this answers the question

Add a comment This answers the question Mark as a company answer
Remove Inappropriate?
Delete or Edit for 15 minutes

ablmf replied on February 26, 2008 06:55

I've considered this solution. But that means server provider have to store lots of nonces.

this answers the question

Add a comment This answers the question

Reply to ablmf's question

(Some HTML allowed)

Attach-an-image