[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] HTTP Digest Auth and Internal synchronization
From: |
Amr Ali |
Subject: |
[libmicrohttpd] HTTP Digest Auth and Internal synchronization |
Date: |
Sat, 14 Aug 2010 00:32:23 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I mentioned before that I'm working on an internal module for MHD, obviously
from the subject it is Digest Auth. I'm having a decision problem at how I
should approach making sure that the "nc" or nonce counter should be increased
for subsequent requests.
Can I use mutexes (or spinlocks since the process itself takes so much less time
to put a thread into sleep and bring it back up again) to avoid race conditions
between different connections or requests? or there is some other way you've
developed internally to help with such situations that I could make use of.
Also I want to support mitigations for replies attacks, but that would take a
couple of memory pages to contain recently used server nonces. Are there
guidelines or general project policy that would discourage increasing the memory
requirements? (in most cases only 100k of extra memory foot print would be
enough to track a big amount of nonces) It can be an optional feature or Digest
Auth as a whole to be optional like HTTPS/SSL. I'm asking so if you decided to
put this upstream there won't be any conflicts of interest.
Best regards,
Amr Ali
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxlx/YACgkQ2VxGY2VcpoipAwCePLLPGXUZTuXpZUrtOu2rJ8la
3NoAn2LhGgg+Boil0P+8Xf41Rl8zfR33
=WoY7
-----END PGP SIGNATURE-----
- [libmicrohttpd] HTTP Digest Auth and Internal synchronization,
Amr Ali <=