Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explore options for token invalidation #12

Open
1 task
HeroicKatora opened this issue Feb 7, 2018 · 0 comments
Open
1 task

Explore options for token invalidation #12

HeroicKatora opened this issue Feb 7, 2018 · 0 comments
Labels
improvement Improve existing implementation question Best solution is unclear, discussion welcome
Milestone
0.4

Comments

@HeroicKatora
Copy link
Owner

Project Improvement

Self-encoded tokens suffer from not being revokable at all. At the same time, the storage backend does not yet remove expired tokens from memory and offers no interface for manually invalidating an existing token.

Both aspects are worth exploring as a security improvement, and even reducing memory footprint for the storage case. A first idea is to sweep the token store after some timer has expired or on the next mutable access after a timepoint.

This is open for suggestions and discussion.

Tracking pull request

  • A pull request does not yet exist
@HeroicKatora HeroicKatora added help wanted question Best solution is unclear, discussion welcome audit Open ended code review labels Feb 7, 2018
@HeroicKatora HeroicKatora added this to the 0.3 milestone Feb 7, 2018
@HeroicKatora HeroicKatora added improvement Improve existing implementation and removed audit Open ended code review labels Feb 23, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement Improve existing implementation question Best solution is unclear, discussion welcome
Projects
None yet
Milestone
0.4
Development

No branches or pull requests
1 participant
@HeroicKatora