On Thursday, September 27, 2012 at 7:30 AM, Matthias Wessendorf wrote:
Hey Bruno!

On Thu, Sep 27, 2012 at 12:26 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
> Hi Matthias, this is our biggest concern for M7, we had some discussions
> about it with the PicketBox team to improve it. Currently the token relies on
> PicketBox sessions like this:
>
> token = user.getSubject().getSession().getId().getId().toString();

yep saw the code in the Filter;

> Easy to break like you did. My initial suggestion is to generate an
> application ID at first glance and create event or time based tokens.

Glad we already had some discussion about this (assuming that, based on
your email).

I raised another question on IRC (#picketbox), on when the
PicketBoxSession expires.

I asked b/c I could issue a GET request one hour after my last activity,
using the same 'old' token

Greetings!
Matthias

> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Thursday, September 27, 2012 at 3:26 AM, Matthias Wessendorf wrote:
>> Hi,
>>
>> using the Auth-Token to get access to protected resources / endpoints
>> (after doing a login) works fine!
>>
>> I am wondering how to avoid that one token is used on different
>> devices? (e.g. when somebody is 'stealing' the token).
>>
>> I did sign-in to the app, using the browser and got the following
>> token => db5d16da-a1e5-48d9-a2fd-e39e36e835bc
>>
>> Now I was able to issue a get request against the endpoints, by using
>> the same token, from different 'devices':
>> - curl
>> - iOS test case
>>
>> NOTE: we don't need a solution now, since I know you guys are busy
>> with some demo work - but just want to run that 'issue' by this list
>>
>> Greetings,
>> Matthias
>>
>> --
>> Matthias Wessendorf
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>> _______________________________________________
>> aerogear-dev mailing list
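A sketch of the "application ID plus time-based token" idea suggested in the thread, as an added example that is not code from this thread, AeroGear or PicketBox. It shows a token that stops working when presented under a different application ID or after its lifetime ends, unlike a bare session ID. All names, the `|` token layout and the 15-minute lifetime are assumptions, and how a client proves its application ID is out of scope here.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients
TOKEN_TTL = 15 * 60                   # assumption: tokens live for 15 minutes


def _sign(payload: str) -> bytes:
    """HMAC-SHA256 over the payload, URL-safe base64 encoded."""
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def issue_token(user: str, app_id: str, now: Optional[float] = None) -> str:
    """Issue a token bound to a user, an application ID and an expiry time."""
    if "|" in user or "|" in app_id:
        raise ValueError("'|' is the field separator and may not appear in fields")
    issued = time.time() if now is None else now
    payload = f"{user}|{app_id}|{int(issued + TOKEN_TTL)}"
    return f"{payload}|{_sign(payload).decode()}"


def verify_token(token: str, presented_app_id: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the token is valid for this app right now, else None."""
    payload, _, sig = token.rpartition("|")
    # Check the MAC before trusting any field; compare in constant time.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    try:
        user, app_id, expires = payload.split("|")
        expires_at = int(expires)
    except ValueError:
        return None
    # Reject a token replayed under a different application ID.
    if not hmac.compare_digest(app_id.encode(), presented_app_id.encode()):
        return None
    # Reject a token used after its lifetime, e.g. an hour after the last activity.
    current = time.time() if now is None else now
    if current >= expires_at:
        return None
    return user
```

Binding only helps if the application ID is harder to steal than the token itself, so the two should not travel or be stored together.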