When using the `OneUseStore`, nonces can be generated without having any method of forcing their removal. This means an attacker could continue to make unauthenticated requests in order to generate more nonces which will never be removed, thus eating away at the server's resources.
Here is how it should be handled: There should be one Store type, which takes a limit amount and a duration amount.
Have a coroutine clear out expired tokens, and add all the rest of the functionality. `store := NonceFactory(3, 1 * time.Second)` could return a store which limits nonces to a lifetime of 1 second and a usage-limit of 3.
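
The expiry-and-cleanup part of the store proposed above, as an added example that is not code from this project: single-use nonces get a lifetime, and a background goroutine evicts the ones that were never redeemed, which is what keeps unauthenticated requests from growing the map without bound. `ExpiringStore`, its methods and the caller-supplied nonce strings are assumptions for illustration.

```go
package main

import (
	"maps"
	"sync"
	"time"
)

// ExpiringStore (hypothetical name) holds single-use nonces that expire after ttl.
type ExpiringStore struct {
	mu     sync.Mutex
	ttl    time.Duration
	nonces map[string]time.Time // nonce -> expiry time
}

// NewExpiringStore starts the goroutine that evicts expired nonces once per ttl.
func NewExpiringStore(ttl time.Duration) *ExpiringStore {
	s := &ExpiringStore{ttl: ttl, nonces: map[string]time.Time{}}
	go func() {
		for now := range time.Tick(ttl) {
			s.Sweep(now)
		}
	}()
	return s
}

// Add records nonce n (assumed to be generated with crypto/rand) as issued at now.
func (s *ExpiringStore) Add(n string, now time.Time) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.nonces[n] = now.Add(s.ttl)
}

// Verify accepts n once, and only before it expires; n is removed either way.
func (s *ExpiringStore) Verify(n string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.nonces[n]
	delete(s.nonces, n)
	return ok && !now.After(exp)
}

// Sweep deletes every nonce expired at now and returns how many remain.
func (s *ExpiringStore) Sweep(now time.Time) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	maps.DeleteFunc(s.nonces, func(_ string, exp time.Time) bool { return now.After(exp) })
	return len(s.nonces)
}
```

`Verify` and `Sweep` take the current time as a parameter so that expiry can be checked deterministically; a caller passes `time.Now()`.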