[dev] [commits] Horde branch master updated. 17c3c203f309f2d3170033708374d04eb77cb36b
Gunnar Wrobel
p at rdus.de
Mon Nov 15 12:38:33 UTC 2010
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Gunnar Wrobel <p at rdus.de>:
>
>> The branch "master" has been updated.
>> The following is a summary of the commits.
>>
>> from: a7078e12d5841ca7527e3b0ad59081b2a570cb56
>>
>> 19013c1 Initial Horde_Nonce skeleton.
>> 17c3c20 Allow to create nonces.
>
> I generally know what a nonce is, but what's the intent here?

Horde_Nonce should deliver lightweight tokens soon. I have some more
commits in a local branch but it will probably take some more time to
finish it.

The idea is to avoid storing nonces/tokens in the session. Currently
Horde mainly uses timed tokens that are being remembered in the
session on creation. As far as I can see it would be a reasonable
alternative to sign a timestamp with a secret from the session and use
the combination of both as a token. Validation of the token requires
just the token and the secret from the session again. Time-based
expiration of the token only requires the token itself.

Horde_Nonce delivers nonces that contain a time stamp for that. The
generated nonces also contain a random part which can be used for
resubmit protection. That will be similar to what Horde_Token
currently provides and I need to check how I can combine it with
Horde_Nonce.

Cheers,

Gunnar

>
> -chuck
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>
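
Added example, not part of the original message and not Horde_Nonce code: a Python sketch of the scheme described in the reply above, where a timestamp and a random part are signed with a per-session secret. The token layout, the choice of HMAC-SHA256, the function names and the in-memory `seen` set used for resubmit protection are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

RANDOM_LEN = 8   # random part, usable for resubmit protection (assumed size)
MAC_LEN = 32     # HMAC-SHA256 output length

def _mac(secret, body):
    return hmac.new(secret, body, hashlib.sha256).digest()

def create_token(secret, now=None):
    """Token = base64url(timestamp || random || HMAC(secret, timestamp || random))."""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + os.urandom(RANDOM_LEN)
    return base64.urlsafe_b64encode(body + _mac(secret, body)).decode("ascii")

def _decode(token):
    """Split a token into (timestamp, signed body, mac); ValueError if malformed."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        raise ValueError("malformed token") from None
    if len(raw) != 8 + RANDOM_LEN + MAC_LEN:
        raise ValueError("malformed token")
    return struct.unpack(">Q", raw[:8])[0], raw[:-MAC_LEN], raw[-MAC_LEN:]

def is_expired(token, max_age, now=None):
    """Expiry needs only the token; it says nothing about authenticity."""
    ts, _, _ = _decode(token)
    age = (time.time() if now is None else now) - ts
    return not (0 <= age <= max_age)   # future timestamps count as expired

def validate(token, secret, max_age, seen, now=None):
    """Full check: signature first, then age, then one-time use of the body."""
    try:
        _, body, mac = _decode(token)
    except ValueError:
        return False
    if not hmac.compare_digest(mac, _mac(secret, body)):  # constant-time compare
        return False
    if is_expired(token, max_age, now) or body in seen:
        return False
    seen.add(body)   # only consumed tokens are remembered, not issued ones
    return True
```

The signature is checked before the timestamp is trusted, because the expiry check alone accepts any well-formed token regardless of who produced it.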