You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
About ring store, it seems that it should live out of buddy-sign, because buddy-sign responsibility is just sign and encrypt tokens/messages. Maybe in a separate package or maybe in buddy-auth (that is more coupled to ring).
And about security. I'm very concerned with security and I try to maintain buddy-* packages secure. But I'm not aware of other existing packages that provides signed cookie store, so I don't aware of possible security flaws of that stores.
Would you be interested in a contribution of a Ring cookie store based on buddy-sign, both signing and encrypting cookies?
I have the feeling that would be more secure than the current Ring cookie encryption, but I'm not really sure. Do you know?
The text was updated successfully, but these errors were encountered: