nonce

In a attempt to make the current application I'm developing more secure, I've been reading about CSRF tokens and also Nonce. My question simply is, Are CSRF tokens and Nonce the same thing? from what I could gather so far is that both these methods have different techniques to accomplish the same goal, or am I misunderstanding something? If they are different, could you be nice enough to provide some example code or point me to some links where i can learn more about how to implementing nonces in PHP apps. Thanks! zerkms Nonce is usually some random string that is added to request just to

I have a webservice build in PHP that uses UsernameToken as authentification mechanism. I have PHP client side code that can access this web service. Now I need to do this in Java. Maybe you can help me! This service can be accessed using the following php code: $password="super_secure_pass"; $timestamp=gmdate('Y-m-d\TH:i:s\Z'); $nonce=mt_rand(); $passdigest=base64_encode(pack('H*',sha1(pack('H*',$nonce).pack('a*',$timestamp).pack('a*',$password)))); $nonce=base64_encode(pack('H*',$nonce)) These values get parsed into this Soap header. <wsse:Security SOAP-ENV:mustUnderstand="0" xmlns:wsse=

W3C says there is a new attribute in HTML5.1 called nonce for style and script that can be used by the Content Security Policy of a website. I googled about it but finally didn't get it what actually this attribute do and what changes when using it? The nonce attribute enables you to “whitelist” certain inline script and style elements, while avoiding use of the CSP unsafe-inline directive (which would allow all inline script / style ), so that you still retain the key CSP feature of disallowing inline script / style in general. So the nonce attribute is way of telling browsers that the inline