You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For our application the request can ONLY happen over SSL (we implement no other connection options). So I'm trying to determine if there is any purpose in verifying the oauth_nonce. I believe that the purpose of the nonce is entirely to prevent replay attacks which is already a feature of SSL.
Storing the nonce values will cost money and waste time for each user so I only want to do it if it has some value. Is there value in storing nonces and rejecting any duplicate requests when the request is made over SSL?
For our application the request can ONLY happen over SSL (we implement no other connection options). So I'm trying to determine if there is any purpose in verifying the oauth_nonce. I believe that the purpose of the nonce is entirely to prevent replay attacks which is already a feature of SSL.
Storing the nonce values will cost money and waste time for each user so I only want to do it if it has some value. Is there value in storing nonces and rejecting any duplicate requests when the request is made over SSL?
I asked this question on StackOverflow as well, but thought someone here might have more specific information:
https://stackoverflow.com/q/44469654/796999
The text was updated successfully, but these errors were encountered: