Closed Bug 963141 Opened 10 years ago Closed 10 years ago

Make APK signer nonce checking more robust against replays

Categories

(Marketplace Graveyard :: Integration, defect, P2)

Avenir
x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
2014-03-04

People

(Reporter: kumar, Assigned: kumar)

References

Details

(Whiteboard: [A4A][qa-])

While using Hawk for authentication (bug 962831) we need to check nonces in a robust way to prevent replay attacks. We will already have a timestamp expiration; nonce checking is a way to limit replays before the timestamp expires. We need to use something like Redis to store the nonce temporarily (until the timestamp expires) to reject duplicate nonces.
Blocks: 958329
Priority: -- → P3
Assignee: nobody → kumar.mcmillan
Priority: P3 → P2
Whiteboard: [A4A]
Depends on: 976729
Nonce checking with Django cache is implemented here: https://github.com/mozilla/apk-signer/commit/5acae04643f943b1c6d5f5ea695bd8bf48a20eeb

Right now it uses memory cache, but once we have memcache (bug 976729) it should work just the same.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-03-04
Please add some STRs to this bug or mark it as [qa-].
Whiteboard: [A4A] → [A4A][qa-]
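
The check described in this bug (timestamp expiration plus a nonce remembered until that timestamp expires), as an added example that is not the apk-signer code linked above. `NonceCache`, `accept_request` and the 60-second `TIMESTAMP_SKEW` are hypothetical names and values; the in-memory class stands in for a shared cache such as Redis or memcached.

```python
import threading
import time

TIMESTAMP_SKEW = 60  # seconds a request timestamp may differ from server time (assumed value)


class NonceCache:
    """In-memory stand-in for a shared TTL cache such as Redis or memcached."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # key -> absolute expiry time
        self._lock = threading.Lock()

    def add(self, key, ttl):
        """Store key only if absent. Returns True if stored, False if already present."""
        now = self._clock()
        with self._lock:  # test-and-set must be one atomic step
            for stale in [k for k, exp in self._expiry.items() if exp < now]:
                del self._expiry[stale]  # entries past the window are forgotten
            if key in self._expiry:
                return False
            self._expiry[key] = now + ttl
            return True


def accept_request(cache, sender_id, nonce, ts, clock=time.time):
    """Return (accepted, reason) for a request whose signature already verified."""
    now = clock()
    # Timestamp expiration: bounds how long any nonce has to be remembered.
    if abs(now - ts) > TIMESTAMP_SKEW:
        return False, "stale timestamp"
    # Keep the nonce until its timestamp can no longer pass the check above
    # (+1s so an entry never expires while the timestamp is still valid).
    ttl = (ts + TIMESTAMP_SKEW) - now + 1
    key = f"nonce:{sender_id}:{nonce}:{ts}"
    # A separate get() followed by set() would let two concurrent replays both pass.
    if not cache.add(key, ttl):
        return False, "replayed nonce"
    return True, "ok"


if __name__ == "__main__":
    cache = NonceCache()
    now = time.time()
    print(accept_request(cache, "signer-client", "k3j4h5", now))  # constructed values
    print(accept_request(cache, "signer-client", "k3j4h5", now))
```

With a per-process memory cache the duplicate check only covers requests handled by the same process; a cache shared by all workers is what makes it hold across them.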