Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ring cookie store based on buddy-sign #12

Closed
pupeno opened this issue Oct 13, 2015 · 1 comment
Closed

Ring cookie store based on buddy-sign #12

pupeno opened this issue Oct 13, 2015 · 1 comment
Assignees
@niwinz
Labels
question

Comments

@pupeno
Copy link
Contributor

pupeno commented Oct 13, 2015

Would you be interested in a contribution of a Ring cookie store based on buddy-sign, both signing and encrypting cookies?

I have the feeling that would be more secure than the current Ring cookie encryption, but I'm not really sure. Do you know?
@niwinz
Copy link
Member

niwinz commented Oct 14, 2015

Hi @pupeno

About ring store, it seems that it should live out of buddy-sign, because buddy-sign responsibility is just sign and encrypt tokens/messages. Maybe in a separate package or maybe in buddy-auth (that is more coupled to ring).

And about security. I'm very concerned with security and I try to maintain buddy-* packages secure. But I'm not aware of other existing packages that provides signed cookie store, so I don't aware of possible security flaws of that stores.

@niwinz niwinz self-assigned this Oct 14, 2015
@niwinz niwinz closed this as completed Nov 17, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@niwinz niwinz

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pupeno @niwinz