Nonce System
#1074
Replies: 1 comment
This sounds like it would probably be integrated at the server level, through something like an envelop plugin rather than doing it in resolvers at the schema level with Pothos. I haven't built a system like that before, so I don't feel confident recommending a specific way to implement something security sensitive without a lot more investigation. If you do end up implementing this, I'd be interested in seeing how it works.
I am looking to implement a nonce system in my web application, which uses Urql and Yoga GraphQL for data retrieval and mutations. A nonce (number used once) is a random value generated and used only once to enhance security and protect against replay attacks.
I would like to seek guidance or best practices on how to create a nonce system within this setup to ensure the security of sensitive GraphQL mutations and requests.
On the server side, what are the steps to validate and secure the nonce to prevent replay attacks?
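The server-side check the question asks about, sketched as an added example that is not part of the original discussion and is not Pothos, Yoga or envelop code. `NonceStore`, `issue`, `consume` and the `sessionId` binding are hypothetical names, and the in-memory `Map` assumes a single server process.

```javascript
const crypto = require("node:crypto");

// Hypothetical single-use nonce store (assumption: one process, in-memory).
// Several server instances would need a shared store with an atomic delete.
class NonceStore {
  constructor({ ttlMs = 60_000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // nonce -> { sessionId, expiresAt }
  }

  // Issue an unpredictable nonce bound to the session that requested it.
  issue(sessionId) {
    this.sweep();
    const nonce = crypto.randomBytes(16).toString("base64url");
    this.pending.set(nonce, { sessionId, expiresAt: this.now() + this.ttlMs });
    return nonce;
  }

  // Validate and burn in one step, so a replayed request finds nothing.
  consume(sessionId, nonce) {
    if (typeof nonce !== "string" || nonce.length === 0) return "missing";
    const entry = this.pending.get(nonce);
    // A nonce presented by another session is rejected without being burned.
    if (!entry || entry.sessionId !== sessionId) return "unknown_or_replayed";
    this.pending.delete(nonce); // burn before running the mutation
    return this.now() > entry.expiresAt ? "expired" : "ok";
  }

  // Drop expired entries so unused nonces do not accumulate.
  sweep() {
    const t = this.now();
    for (const [n, e] of this.pending) if (t > e.expiresAt) this.pending.delete(n);
  }
}

// Constructed scenario with a fake clock: first use, replay, wrong session, expiry.
function demo() {
  let clock = 0;
  const store = new NonceStore({ ttlMs: 1000, now: () => clock });
  const n1 = store.issue("sessA");
  const first = store.consume("sessA", n1);
  const replay = store.consume("sessA", n1);
  const n2 = store.issue("sessA");
  const wrongSession = store.consume("sessB", n2);
  clock = 5000; // past the 1000 ms lifetime
  const late = store.consume("sessA", n2);
  return { first, replay, wrongSession, late };
}
```

A request would be allowed to run its mutation only when `consume` returns `"ok"`; every other result is a rejection.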