Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/10/09 23:34:27 UTC

[GitHub] realulim commented on issue #844: Security: Provide a Way to Delete Cookies

realulim commented on issue #844: Security: Provide a Way to Delete Cookies
URL: https://github.com/apache/couchdb/issues/844#issuecomment-335317516
 
 
   I would assume that the user changing his password would invalidate all tokens still out there. But this is hardly practical and it doesn't help in case the user isn't aware that one of his session tokens was stolen. The security goal has to be that a user-facing application can be designed such that all tokens are invalidated as soon as the user explicitly logs out. Then the attack window is limited to session duration.
   
   Feel free to shoot this down, if it has flaws:
   
   1. The user authenticates with his credentials and we hand him a stateless token that includes a "now" timestamp. We store the "now" timestamp on the server.
   
   2. Someone wants to authorise an operation with a token. If its timestamp is older than our now timestamp, we reject it.
   
   3. The user logs out and our application sends an "invalidate" request to the server. The server updates the now timestamp and adds an "invalidated" flag to it.
   
   4. All tokens coming in are now rejected because of the flag. We have succeeded in invalidating any tokens still out there.
   
   5. The rightful user logs in again with his credentials. Upon verification we update the now timestamp and remove the "invalidated" flag. The user gets a fresh stateless token.
   
   6. All other tokens are still invalid because they have an older timestamp.
   
   Even though we store data on the server, this is still stateless in terms of scalability, because timestamp and invalidated flag are per-user (e.g. like the password) and not per-session. Plus, eventual consistency is good enough here.
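The six steps above, as an added Python example that is not part of the original comment or of CouchDB's own code. It assumes a token of the form `user:timestamp:hmac` signed with a server secret, an in-memory dict standing in for the per-user store, and an assumed `session_seconds` limit for the session duration the comment mentions; those names and the token layout are assumptions, not anything from the issue.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class UserAuthState:
    """Per-user server state: one record per user, not per session (assumed layout)."""
    now: int            # timestamp of the most recent login or logout event
    invalidated: bool   # set on logout (step 3), cleared on the next login (step 5)


class TokenService:
    def __init__(self, secret: bytes, session_seconds: int = 600):
        self._secret = secret                      # HMAC key, assumed server-side secret
        self._session_seconds = session_seconds    # maximum age of a token (attack window)
        self._state: Dict[str, UserAuthState] = {} # stands in for the per-user store

    def _sign(self, payload: str) -> str:
        mac = hmac.new(self._secret, payload.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def login(self, user: str, password_ok: bool, at: int) -> Optional[str]:
        """Step 1 / step 5: on verified credentials, record 'now', clear the flag,
        and hand out a stateless token carrying that same timestamp."""
        if not password_ok:
            return None
        self._state[user] = UserAuthState(now=at, invalidated=False)
        payload = f"{user}:{at}"
        return payload + ":" + self._sign(payload)

    def logout(self, user: str, at: int) -> None:
        """Step 3: move 'now' forward and raise the invalidated flag."""
        self._state[user] = UserAuthState(now=at, invalidated=True)

    def verify(self, token: str, at: int) -> Optional[str]:
        """Step 2 / 4 / 6: return the user name if the token is acceptable, else None."""
        try:
            user, ts_str, sig = token.rsplit(":", 2)
            issued = int(ts_str)
        except ValueError:
            return None
        # Signature check on the exact bytes that were signed (rejects forged/tampered tokens).
        if not hmac.compare_digest(sig, self._sign(f"{user}:{ts_str}")):
            return None
        state = self._state.get(user)
        if state is None or state.invalidated:   # step 4: flag set -> reject everything
            return None
        if issued < state.now:                    # step 2 / 6: older than 'now' -> reject
            return None
        if at - issued > self._session_seconds:   # stale token beyond the session window
            return None
        return user


def walk_through() -> Dict[str, Optional[str]]:
    """Runs the scenario from the comment on constructed timestamps and returns
    each check's result so the outcome can be inspected or asserted on."""
    svc = TokenService(secret=b"assumed-server-secret", session_seconds=600)
    t1 = svc.login("alice", password_ok=True, at=1000)      # step 1
    results = {"fresh token": svc.verify(t1, at=1010)}      # step 2: accepted
    svc.logout("alice", at=1020)                             # step 3
    results["after logout"] = svc.verify(t1, at=1021)        # step 4: rejected by flag
    t2 = svc.login("alice", password_ok=True, at=1030)      # step 5
    results["new token"] = svc.verify(t2, at=1031)           # accepted
    results["old token after relogin"] = svc.verify(t1, at=1031)  # step 6: older timestamp
    results["expired token"] = svc.verify(t2, at=1700)       # beyond session_seconds
    results["tampered token"] = svc.verify(t2.replace("alice", "mallory", 1), at=1031)
    return results


if __name__ == "__main__":
    for check, outcome in walk_through().items():
        print(f"{check:28s} -> {outcome}")
```

Because the stored `now` is per-user rather than per-session, a second login from another device moves `now` forward and every token issued before it, including the first device's, fails the step 2 check; that is a direct consequence of keeping the state per-user, which is what makes the scheme cheap on the server side.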
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services