Ticket #328 (new enhancement)

Opened 2 years ago

Last modified 3 months ago

Consider adding support for nonces

Reported by: david Owned by: david
Priority: low Milestone: 1.2
Component: _OTHER_ Version:
Severity: major Keywords:
Cc: Patch attached: no

Description

http://en.wikipedia.org/wiki/Cryptographic_nonce

The advantages of something like that should be obvious. Makes apps invulnerable to bad link attacks and all that stuff. Also makes adding support for CAPTCHAs easier, for instance.

Change History

Changed 19 months ago by _cheerios

Some thoughts:

Could FPF be adjusted to add a hidden text field with nonce as value to forms? If possible, it would automate everything that is necessary for nonce support*.

Nonce could be constructed from: 1) cnonce: unique value in user's session 2) salt: a secret value stored server side (and perhaps, 3) username: username of user stored in session)

After use of nonce, the cnonce value would be updated in the session to invalidate the used nonce.

* Ajax calls could be made to work by having the nonce be available as a global variable that gets appended to the parameters on submit. This is beyond Agavi.

Changed 11 months ago by david

  • priority changed from high to lowest
  • severity changed from major to minor

Changed 11 months ago by david

  • priority changed from lowest to low
  • severity changed from minor to major

Changed 9 months ago by david

  • has_patch unset
  • milestone changed from 1.0 to 1.1

Changed 6 months ago by david

More ideas:

  • force timeout values for nonces
  • allow binding of tokens to actions?
  • what happens if a nonce doesn't exist in the session?
    • SecureAction, I'd say
  • what happens on a timeout?
    • SecureAction, unless you've given corresponding info. Example: $this->createNonce(120, $this->createExecutionContainer('SameModule', 'SameAction', null, null, 'read')); (assuming #667 is implemented already). This would then redirect to the same page, but with read as request method. Essentially, it shows the form again.
  • any way to tie it into validation?
  • how do we even know the action requires a nonce?
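The two comments above sketch one scheme between them: a per-session cnonce, a server-side salt and optionally the username go into the nonce, the cnonce is rotated after use, and the token should carry a timeout and be bound to an action. The following is an added example, not Agavi code, showing that scheme as a small PHP class. `NonceManager`, its method names, the `$session` array passed by reference and the `$serverSalt` value are all assumptions for the illustration; the outcome strings are meant to be mapped by the caller onto the handling the ticket proposes (SecureAction for a missing or invalid nonce, re-showing the form on a timeout).

```php
<?php
// Added example (not Agavi's own code): a single-use, action-bound nonce with a
// timeout, built from cnonce + server-side salt + username as described in the ticket.
// Assumes: $session is the user's session store (an array, by reference) and
// $serverSalt is a secret that exists only on the server. All names are hypothetical.

final class NonceManager
{
    /** @var array */
    private $session;
    private string $serverSalt;

    public function __construct(array &$session, string $serverSalt)
    {
        $this->session = &$session;
        $this->serverSalt = $serverSalt;
    }

    /** Build a nonce for $action that stays valid for $ttl seconds. The return value
     *  goes into a hidden form field; only the cnonce it was derived from stays in session. */
    public function create(string $action, int $ttl = 120, ?int $now = null): string
    {
        $now = $now ?? time();
        if (!isset($this->session['cnonce'])) {
            $this->session['cnonce'] = bin2hex(random_bytes(16)); // unique value per session
        }
        $expires = $now + $ttl;
        return $expires . '.' . $this->tag($this->session['cnonce'], $action, $expires);
    }

    /** Check a submitted nonce for $action. Returns 'ok', 'missing', 'expired' or 'invalid'.
     *  A genuine token is consumed (cnonce rotated) whether or not it arrived in time, so it
     *  can never be replayed; a forged token leaves the cnonce alone so a stray bad request
     *  cannot invalidate a form the user still has open. */
    public function consume(?string $nonce, string $action, ?int $now = null): string
    {
        $now = $now ?? time();
        if (!isset($this->session['cnonce'])) {
            return 'missing';                      // nothing in session: treat like SecureAction
        }
        if ($nonce === null || !preg_match('/^(\d+)\.([0-9a-f]{64})$/', $nonce, $m)) {
            return 'invalid';
        }
        $expires  = (int) $m[1];
        $expected = $this->tag($this->session['cnonce'], $action, $expires);
        if (!hash_equals($expected, $m[2])) {
            return 'invalid';                      // forged, or bound to another action/user
        }
        $this->rotate();                           // single use
        return $now > $expires ? 'expired' : 'ok';
    }

    /** HMAC over cnonce, username, action and expiry, keyed with the server-side salt. */
    private function tag(string $cnonce, string $action, int $expires): string
    {
        $username = (string) ($this->session['username'] ?? '');
        return hash_hmac('sha256', "$cnonce|$username|$action|$expires", $this->serverSalt);
    }

    private function rotate(): void
    {
        $this->session['cnonce'] = bin2hex(random_bytes(16));
    }
}

// Usage with a constructed in-memory session (no real session handler involved):
$session = ['username' => 'alice'];
$nonces  = new NonceManager($session, 'server-side-secret-from-config');

$field = $nonces->create('Default.Index', 120, 1000000);
echo $nonces->consume($field, 'Default.Index', 1000050), "\n";   // ok
echo $nonces->consume($field, 'Default.Index', 1000050), "\n";   // invalid (cnonce rotated)
$field = $nonces->create('Default.Index', 120, 1000000);
echo $nonces->consume($field, 'Other.Action', 1000050), "\n";    // invalid (bound to the action)
echo $nonces->consume($field, 'Default.Index', 1000500), "\n";   // expired (show the form again)
```

Binding the action name and the expiry into the HMAC means the form field itself answers the last question in the list: an action that calls `consume()` is one that requires a nonce, and a token minted for one action is worthless for another. Rotating the cnonce rather than deleting it also keeps a form that was rendered before a timeout from being silently accepted later.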

Changed 3 months ago by david

  • milestone changed from 1.1 to 1.2
