[dev] [commits] Horde branch master updated. 17c3c203f309f2d3170033708374d04eb77cb36b

Gunnar Wrobel p at rdus.de
Mon Nov 15 12:38:33 UTC 2010


Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Gunnar Wrobel <p at rdus.de>:
>
>> The branch "master" has been updated.
>> The following is a summary of the commits.
>>
>> from: a7078e12d5841ca7527e3b0ad59081b2a570cb56
>>
>> 19013c1 Initial Horde_Nonce skeleton.
>> 17c3c20 Allow to create nonces.
>
> I generally know what a nonce is, but what's the intent here?

Horde_Nonce should deliver lightweight tokens soon. I have some more
commits in a local branch but it will probably take some more time to  
finish it.

The idea is to avoid storing nonces/tokens in the session. Currently  
Horde mainly uses timed tokens that are being remembered in the  
session on creation. As far as I can see it would be a reasonable  
alternative to sign a timestamp with a secret from the session and use  
the combination of both as a token. Validation of the token requires  
just the token and the secret from the session again. Time-based
expiration of the token only requires the token itself.

Horde_Nonce delivers nonces that contain a time stamp for that. The  
generated nonces also contain a random part which can be used for
resubmit protection. That will be similar to what Horde_Token  
currently provides and I need to check how I can combine it with  
Horde_Nonce.

Cheers,

Gunnar

>
> -chuck
>
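The scheme described in the message above, sketched as an added example in Python; it is not part of the original post and not Horde_Nonce's code. HMAC-SHA256 as the signature, the 8-byte timestamp plus 8-byte random layout, and the function names and `seen` set are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

MAC_LEN = 32                   # HMAC-SHA256 output size (assumed algorithm)
BODY = struct.Struct(">Q8s")   # assumed layout: 8-byte timestamp + 8 random bytes


def create_token(secret, now=None):
    """Return timestamp || random || HMAC(secret, timestamp || random)."""
    ts = int(time.time() if now is None else now)
    body = BODY.pack(ts, os.urandom(8))
    return body + hmac.new(secret, body, hashlib.sha256).digest()


def is_expired(token, max_age, now=None):
    """Expiry needs only the token itself; it says nothing about authenticity."""
    if len(token) != BODY.size + MAC_LEN:
        return True
    ts, _ = BODY.unpack(token[:BODY.size])
    age = (time.time() if now is None else now) - ts
    return age < 0 or age > max_age   # future timestamps are rejected as well


def validate(token, secret, max_age, now=None, seen=None):
    """Verify the MAC with the session secret, then the age, then reuse."""
    if len(token) != BODY.size + MAC_LEN:
        return False
    body, mac = token[:BODY.size], token[BODY.size:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    if is_expired(token, max_age, now):
        return False
    if seen is not None:
        # Resubmit protection (assumption): the random part makes each token
        # unique, so remembering accepted bodies until they expire blocks reuse.
        if body in seen:
            return False
        seen.add(body)
    return True
```

Only the resubmit check keeps server-side state, and entries older than `max_age` can be dropped from `seen` because such tokens fail the age check anyway.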






