[Pki-devel] [PATCH] Session-based nonces.
Endi Sukma Dewata
edewata at redhat.com
Fri Jan 25 20:18:43 UTC 2013
Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map used the nonces as map keys. There were possible nonce
collisions which required special handling.
2. The collision handling code was not thread safe. There were
possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
users using the system, valid nonces could get pruned.
4. The map mapped the nonces to client certificates. This limited
the possible authentication methods that could be supported.
Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.
Ticket #474
--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0202-Session-based-nonces.patch
Type: text/x-patch
Size: 49618 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130125/6a7a984d/attachment.bin>
More information about the Pki-devel
mailing list