You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/06/03 15:31:00 UTC

[jira] [Assigned] (KNOX-2611) Token-based providers should cache unsuccessful signature verifications

     [ https://issues.apache.org/jira/browse/KNOX-2611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Philip Zampino reassigned KNOX-2611:
------------------------------------

    Assignee: Philip Zampino

> Token-based providers should cache unsuccessful signature verifications
> -----------------------------------------------------------------------
>
>                 Key: KNOX-2611
>                 URL: https://issues.apache.org/jira/browse/KNOX-2611
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>
> Similar to KNOX-2544, by which the token-base providers cache SUCCESSFUL signature verifications to avoid having to re-verify the same token repeatedly, this issue would add caching of UNSUCCESSFUL signature verifications toward the goal of preventing DOS-type attacks with "known bad" tokens.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)