WP REST API: check if user is logged in
The idea is to show or hide some sections of the site in a theme that’s fetching all data from the REST API, using AngularJS.
I have a question.
There are a lot of examples using the save_post hook, that include adding and verifying a nonce, and checking the user has appropriate permissions before you continue.
All,
I’ve got two WordPress pages. One WordPress page displays a form to do some registration stuff for the website. The second WordPress page actually processes the data and inserts it into a custom MySQL table that I have. I’d like to use the nonce functionality inherent to WordPress. The user doesn’t have to be a WordPress admin or have any type of permissions to be able to do it.
NIST provides good guidelines on the length of keys and hashes for various algorithms. But I don’t see anything specifically on the length of a random or pseudo-random nonce (number used once).
If I use AES-GCM and encrypt data with a 128 Bit Key and always use the same Nonce.
I have trouble understanding nonce. I read a very good answer related to nonce by @Thomas Pornin, but it is too complicated for me as I am new to cryptography. From what I know, nonce is used to validate a form upon submission and avoid resubmission using a nonce, and to ensure the form is submitted by a valid user. Am I correct? And is this prevent CSRF implements it correctly?
For example, login form. Do I need to implement the nonce for this?
A good way to salt password?
I have read a few answers related to salting passwords. But I started to get confused.
I came across a few functions people used to generate salt like:
I am getting the below error while loading the application:
SHA-256 generates a 32-byte hash. Is it a safe practice to use the first 16 as an IV (nonce) and the second 16 as a key?
What other things should I consider when using PBKDF2 in a scenario like this?