[Pki-devel] [PATCH] Session-based nonces.

Endi Sukma Dewata edewata at redhat.com
Fri Jan 25 21:22:47 UTC 2013


On 1/25/2013 2:18 PM, Endi Sukma Dewata wrote:
> Previously nonces were stored in a global map which might not scale
> well due to some issues:
> 1. The map used the nonces as map keys. There were possible nonce
>     collisions which required special handling.
> 2. The collision handling code was not thread safe. There were
>     possible race conditions during concurrent modifications.
> 3. The map was shared and size limited. If there were a lot of
>     users using the system, valid nonces could get pruned.
> 4. The map mapped the nonces to client certificates. This limited
>     the possible authentication methods that could be supported.
>
> Now the code has been modified such that each user has a private map
> in the user's session to store the nonces. Additional locking has been
> implemented to protect against concurrent modifications. The map now
> uses the target of the operation as the map key, eliminating possible
> collisions and allowing the use of other authentication methods. Since
> this is a private map, it's not affected by the number of users using
> the system.
>
> Ticket #474

New patch attached. Fixed the session attribute name in 
ProfileReviewServlet.java.

-- 
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-edewata-0202-1-Session-based-nonces.patch
Type: text/x-patch
Size: 49614 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130125/e69f7903/attachment.bin>
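
The design described in the quoted commit message (a private per-session map keyed by the operation target, with locking around modifications), as an added Java example that is not code from the attached patch. The class name `SessionNonces`, the string targets, the `long` nonce type, the per-session size bound and the consume-on-success behaviour are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical per-session nonce store (not the project's class). In a servlet,
// one instance would be kept as a session attribute, giving each user a private map.
public class SessionNonces {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int MAX_ENTRIES = 100; // assumed per-session bound

    // Keyed by the operation target (e.g. a request ID), not by the nonce, so
    // equal random values issued for different targets cannot collide.
    private final Map<String, Long> nonces =
        new LinkedHashMap<String, Long>() {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Long> e) {
                return size() > MAX_ENTRIES; // prunes only this user's entries
            }
        };

    // Issue a nonce for a target; a newer nonce replaces the older one.
    public synchronized long issue(String target) {
        long nonce = RANDOM.nextLong();
        nonces.put(target, nonce);
        return nonce;
    }

    // Check and consume under one lock (assumed single-use), so two concurrent
    // requests cannot both succeed with the same nonce.
    public synchronized boolean verify(String target, long presented) {
        Long expected = nonces.get(target);
        if (expected == null || expected != presented) {
            return false;
        }
        nonces.remove(target);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sessions and targets for the demonstration.
        SessionNonces alice = new SessionNonces();
        SessionNonces bob = new SessionNonces();
        long n = alice.issue("request-7");
        if (bob.verify("request-7", n)) throw new AssertionError("accepted in another session");
        if (alice.verify("request-8", n)) throw new AssertionError("accepted for another target");
        if (!alice.verify("request-7", n)) throw new AssertionError("rejected on first use");
        if (alice.verify("request-7", n)) throw new AssertionError("accepted on replay");
        System.out.println("all nonce checks passed");
    }
}
```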