[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-65?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivo Ladage - van Doorn resolved AMDATUAUTH-65.
----------------------------------------------
Resolution: Fixed
Implemented a custom validator which uses a pluggable nonce storage provider.
The oauth project comes with an in-memory storage, which is obviously still not
distributed. The new pluggable approach however facilitates implementing a
Cassandra storage for nonces, making it distributed.
> OAuth nonces are not synchronized in a distributed setup
> --------------------------------------------------------
>
> Key: AMDATUAUTH-65
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-65
> Project: Amdatu Auth
> Issue Type: Bug
> Components: Authorization & authentication, OAuth server
> Affects Versions: 0.1.1
> Reporter: Ivo Ladage - van Doorn
> Assignee: Ivo Ladage - van Doorn
> Fix For: 0.2.0
>
>
> The nonces are stored in-memory by the SimpleOAuthValidator. That works nicely
> in a standalone application, but fails in a distributed setup. In a cluster,
> replay attacks would still be possible just because the attack is replayed on
> a different server than the original.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
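
The failure mode and the fix described in this issue, as an added example that is not the Amdatu code: a validator with an injected nonce store, run once with a private store per node and once with a store shared by both nodes. NonceStore, InMemoryNonceStore, NonceValidator, the 5-minute window and the request values are all assumptions made for illustration; the shared in-memory instance only stands in for a distributed backend.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class NonceReplayDemo {
    // Hypothetical storage interface (an assumption, not the Amdatu API).
    interface NonceStore {
        // Must be atomic: returns false if the key was already recorded.
        boolean putIfAbsent(String key, long expiresAtMillis);
    }

    // In-memory store: its state is visible only to the node that holds it.
    static final class InMemoryNonceStore implements NonceStore {
        private final Map<String, Long> seen = new ConcurrentHashMap<>();
        @Override
        public boolean putIfAbsent(String key, long expiresAtMillis) {
            long now = System.currentTimeMillis();
            seen.values().removeIf(exp -> exp < now); // purge expired nonces
            return seen.putIfAbsent(key, expiresAtMillis) == null;
        }
    }

    // One validator per server node; the nonce store is injected.
    static final class NonceValidator {
        static final long WINDOW_MS = 5 * 60 * 1000L; // assumed timestamp window
        private final NonceStore store;
        NonceValidator(NonceStore store) { this.store = store; }
        boolean accept(String consumerKey, long timestampSec, String nonce) {
            long tsMs = timestampSec * 1000L;
            if (Math.abs(System.currentTimeMillis() - tsMs) > WINDOW_MS) return false;
            // A nonce only has to be remembered while its timestamp is still valid.
            String key = consumerKey + '|' + timestampSec + '|' + nonce;
            return store.putIfAbsent(key, tsMs + WINDOW_MS);
        }
    }

    public static void main(String[] args) {
        long ts = System.currentTimeMillis() / 1000L;
        String consumer = "consumer-1", nonce = "a1b2c3"; // constructed values
        // Two nodes, each with a private store: the replay on node B is accepted.
        NonceValidator a = new NonceValidator(new InMemoryNonceStore());
        NonceValidator b = new NonceValidator(new InMemoryNonceStore());
        System.out.println("private stores: A=" + a.accept(consumer, ts, nonce) + " B=" + b.accept(consumer, ts, nonce));

        // Two nodes sharing one store (stand-in for a distributed backend): rejected.
        NonceStore shared = new InMemoryNonceStore();
        NonceValidator c = new NonceValidator(shared), d = new NonceValidator(shared);
        System.out.println("shared store:   C=" + c.accept(consumer, ts, nonce) + " D=" + d.accept(consumer, ts, nonce));
    }
}
```

Any backend plugged in behind such an interface has to keep the insert-if-absent step atomic across nodes, otherwise two servers can both accept the same nonce at the same moment.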