Does CakePHP offer nonce support?

Question

Does CakePHP offer nonce support?

533 views Asked by emersonthis At 25 November 2024 at 11:15

I am on CakePHP 2.4 and I want to block access to a specific endpoint from un-authorized requests (not coming from my site). I believe a nonce is the right tool for this job. Does CakePHP offer support for this? I didn't find it in the docs, but perhaps I overlooked something.

Original Q&A

There are 4 answers

**XuDing** · Answer 1 · 2013-12-17 05:31:38

XuDing On 17 December 2013 at 05:31

CakePHP Security component http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html will automatically add nonce to its generated form to prevent CSRF attack.

**floriank** · Answer 2 · 2013-12-16 16:43:33

If the core does not provide an adapter for it then you'll have to write one yourself. How to do that is explained on the doc page you've linked in your question.

Or check https://github.com/ceeram/Authenticate, maybe the Token adapter is what you're looking for.

**Justin Yost** · Answer 3 · 2016-02-29 17:36:55

CakePHP 2.x does offer nonce support.

In the general web community this is a type of attack called CSRF or Cross Site Request Forgery.

To prevent this type of attack, you want to use the Security Component which has specific features to prevent this type of attack. The book has a lot more information in detail about using this feature.

**cletsimon** · Answer 4 · 2017-04-03 05:06:35

Yes, it does. You can enable it app/Controller/AppController.php https://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#csrf-protection

public $components = array(
    'Security' => array(
        'csrfExpires' => '+1 hour'
    )
);

TechQA.

Does CakePHP offer nonce support?

There are 4 answers

Related Questions in PHP

Related Questions in SECURITY

Related Questions in CAKEPHP

Related Questions in CAKEPHP-2.0

Related Questions in NONCE

Popular Questions

Popular Tags

Trending Questions