[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-65?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivo Ladage - van Doorn closed AMDATUAUTH-65.
--------------------------------------------
> OAuth nonces are not synhronized in a distributed setup
> -------------------------------------------------------
>
> Key: AMDATUAUTH-65
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-65
> Project: Amdatu Auth
> Issue Type: Bug
> Components: Authorization & authentication, OAuth server
> Affects Versions: 0.1.1
> Reporter: Ivo Ladage - van Doorn
> Assignee: Ivo Ladage - van Doorn
> Fix For: 0.2.0
>
>
> The nonces are stored in-memory by the SimpleOAuthValidator. That works nice
> in a standalone application, but fails in a distributed setup. In a cluster,
> replay attacks would still be possible just because the attack is replayed on
> a different server then the original.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
