Make APK signer nonce checking more robust against replays

RESOLVED FIXED in 2014-03-04

Status

P2
normal
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: kumar, Assigned: kumar)

Tracking

Avenir
2014-03-04
x86
Mac OS X
Points:
---

Details

(Whiteboard: [A4A][qa-])

While using Hawk for authentication (bug 962831) we need to check nonces in a robust way to prevent replay attacks. We will already have a timestamp expiration; nonce checking is a way to limit replays before the timestamp expires. We need to use something like Redis to store the nonce temporarily (until the timestamp expires) to reject duplicate nonces.
Blocks: 958329
Priority: -- → P3
Assignee: nobody → kumar.mcmillan

Updated

5 years ago
Priority: P3 → P2

Updated

5 years ago
Whiteboard: [A4A]
Depends on: 976729
Nonce checking with Django cache is implemented here: https://github.com/mozilla/apk-signer/commit/5acae04643f943b1c6d5f5ea695bd8bf48a20eeb

Right now it uses memory cache, but once we have memcache (bug 976729) it should work just the same.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-03-04
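
The check described in this bug (a timestamp window, plus a nonce remembered only until that timestamp expires), sketched as an added example; this is not the apk-signer code from the linked commit. `NonceCache`, `check_request` and the 60-second skew are assumptions made for illustration, and the in-memory class stands in for a shared cache such as the Redis or memcache mentioned above.

```python
import hashlib
import threading
import time


class NonceCache:
    """In-memory stand-in for a shared cache with an atomic add-if-absent."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # cache key -> absolute expiry time
        self._lock = threading.Lock()

    def add(self, key, ttl):
        """Remember key for ttl seconds; return False if it is still live."""
        now = self._clock()
        with self._lock:
            # Purge expired entries so memory is bounded by the replay window.
            for old in [k for k, exp in self._expiry.items() if exp < now]:
                del self._expiry[old]
            if key in self._expiry:
                return False
            self._expiry[key] = now + ttl
            return True


def check_request(cache, key_id, nonce, ts, skew=60, clock=time.time):
    """Return (accepted, reason); skew=60 s is an assumed tolerance."""
    now = clock()
    # 1. Timestamp expiration: outside the window nothing is accepted.
    if abs(now - ts) > skew:
        return False, "stale timestamp"
    # 2. Scope the nonce to the credential and timestamp, and hash it so
    #    client-supplied bytes never become a raw cache key.
    material = "\x00".join([key_id, str(int(ts)), nonce]).encode("utf-8")
    cache_key = "nonce:" + hashlib.sha256(material).hexdigest()
    # 3. Keep the nonce exactly until its timestamp expires (ts + skew).
    if not cache.add(cache_key, ttl=ts + skew - now):
        return False, "replayed nonce"
    return True, "ok"
```

With several worker processes, the add-if-absent step has to be one atomic operation on a cache they all share; a per-process memory cache only catches replays that reach the same process.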

Comment 2

5 years ago
Please add some STRs to this bug or mark it as [qa-]
Whiteboard: [A4A] → [A4A][qa-]