OAuth nonces are not synchronized in a distributed setup
--------------------------------------------------------
Key: AMDATUAUTH-65
URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-65
Project: Amdatu Auth
Issue Type: Bug
Components: Authorization & authentication, OAuth server
Affects Versions: 0.1.1
Reporter: Ivo Ladage - van Doorn
Fix For: 0.2.0

The nonces are stored in-memory by the SimpleOAuthValidator. That works nicely in
a standalone application, but fails in a distributed setup. In a cluster,
replay attacks would still be possible just because the attack is replayed on a
different server than the original.
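
The behaviour described above, as an added example that is not part of the original report and not Amdatu or net.oauth code: each node keeping its own in-memory nonce map accepts a repeated request on a second node, while nodes that share one store with an atomic put-if-absent reject it. The `NonceStore`, `MapNonceStore` and `Node` types, the five-minute window and the request values are assumptions made for illustration; the shared map stands in for a cluster-wide store such as a database table or distributed cache.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

public class NonceReplayDemo {
    /** Hypothetical abstraction for this example; not an Amdatu or net.oauth type. */
    interface NonceStore {
        /** Atomically records the key; returns false if it was already recorded. */
        boolean markUsed(String key);
    }

    /** Map-backed store. One instance per node models the reported behaviour; a single
     *  instance handed to every node stands in for a cluster-wide store. */
    static final class MapNonceStore implements NonceStore {
        private final ConcurrentMap<String, Boolean> seen = new ConcurrentHashMap<>();
        @Override public boolean markUsed(String key) {
            return seen.putIfAbsent(key, Boolean.TRUE) == null; // check and insert in one step
        }
    }

    /** Simplified validator node: timestamp window check, then nonce check. */
    static final class Node {
        static final long WINDOW_MS = 5 * 60 * 1000L; // assumed acceptance window
        private final NonceStore store;
        Node(NonceStore store) { this.store = store; }

        boolean accept(String consumerKey, long timestampMs, String nonce, long nowMs) {
            if (Math.abs(nowMs - timestampMs) > WINDOW_MS) {
                return false; // too old or too far in the future
            }
            return store.markUsed(consumerKey + "|" + timestampMs + "|" + nonce);
        }
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        String consumer = "consumer-1", nonce = "n-7f3a"; // constructed sample values

        // Each node has its own memory: node B has never seen the nonce.
        Node a = new Node(new MapNonceStore()), b = new Node(new MapNonceStore());
        System.out.println("per-node store, node A, original: " + a.accept(consumer, now, nonce, now));
        System.out.println("per-node store, node A, repeat:   " + a.accept(consumer, now, nonce, now));
        System.out.println("per-node store, node B, repeat:   " + b.accept(consumer, now, nonce, now));

        // Both nodes consult the same store: the repeat is recognised on either node.
        NonceStore shared = new MapNonceStore();
        Node c = new Node(shared), d = new Node(shared);
        System.out.println("shared store, node C, original:   " + c.accept(consumer, now, nonce, now));
        System.out.println("shared store, node D, repeat:     " + d.accept(consumer, now, nonce, now));
    }
}
```

Expiry of recorded nonces is left out here; a shared store only needs to retain an entry until its timestamp falls outside the acceptance window.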