summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/pkispawn
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2013-01-23 12:10:52 -0600
committerEndi Sukma Dewata <edewata@redhat.com>2013-01-25 16:11:05 -0500
commitd328d4073c1d09c3e07e0d8e84f261fb476fee0a (patch)
treec0269b8d9c65ef3bb2fc786fe8c19bd03cbc667e /base/deploy/src/pkispawn
parent85aa3bdbd86a00057c60de842b208e573b85c200 (diff)
downloadpki-d328d4073c1d09c3e07e0d8e84f261fb476fee0a.tar.gz
pki-d328d4073c1d09c3e07e0d8e84f261fb476fee0a.tar.xz
pki-d328d4073c1d09c3e07e0d8e84f261fb476fee0a.zip
Session-based nonces.ticket-474
Previously nonces were stored in a global map which might not scale well due to some issues: 1. The map uses the nonces as map keys. There were possible nonce collisions which required special handling. 2. The collision handling code was not thread safe. There were possible race conditions during concurrent modifications. 3. The map was shared and size limited. If there were a lot of users using the system, valid nonces could get pruned. 4. The map maps the nonces to client certificates. This limits the possible authentication methods that can be supported. Now the code has been modified such that each user has a private map in the user's session to store the nonces. Additional locking has been implemented to protect against concurrent modifications. The map now uses the target of the operation as the map key, eliminating possible collisions and allowing the use of other authentication methods. Since this is a private map, it's not affected by the number of users using the system. Ticket #474
Diffstat (limited to 'base/deploy/src/pkispawn')
0 files changed, 0 insertions, 0 deletions