[aerogear-dev] Push server...master secrets, secrets and some refactoring proposal

Bruno Oliveira bruno at abstractj.org
Wed Apr 16 11:39:13 EDT 2014


Chillax and feel free to ask. Master secret must be kept with our
user/developer/client, technically it will only generate a new secret
if we get a new PushApplication.

If the server is restarted, the *salt* and *secret key* will still be
there in the database. So basically on the next request we execute the
following function:

keyForComparison = PBKDF2(masterSecret, salt)

Then we check against the database whether the key matches the one
stored in the database. Does it make sense to you?

Karel Piwko wrote:
> Sorry for my ignorance, does it mean that if I restart application server or
> redeploy UPS, master secret will be changed?
>
> For master secret, that's not that big concern, I believe. People just need to
> grab master secret from UPS before adding variants from CLI.
>
> But if variant secrets are recomputed as well, all existing application
> installations will cease to work!

-- 
abstractj
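
Added example, not part of the original message and not AeroGear's own code: a sketch of the flow described above, where the salt and derived key are written once per PushApplication and a restart only reloads them. The PRF (HMAC-SHA256), iteration count, sizes, the dict standing in for the database and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters; the thread does not state the PRF, iteration count or sizes.
ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 32


def derive_key(master_secret: str, salt: bytes) -> bytes:
    """keyForComparison = PBKDF2(masterSecret, salt)"""
    return hashlib.pbkdf2_hmac("sha256", master_secret.encode("utf-8"),
                               salt, ITERATIONS, dklen=KEY_LEN)


def register_push_application(db: dict, app_id: str) -> str:
    """Runs once per new PushApplication: the only point where a secret is generated."""
    # Assumption: the developer keeps the master secret; the server stores salt + key only.
    master_secret = os.urandom(24).hex()
    salt = os.urandom(SALT_LEN)
    db[app_id] = {"salt": salt, "key": derive_key(master_secret, salt)}
    return master_secret


def verify_request(db: dict, app_id: str, presented_secret: str) -> bool:
    """Re-derive from the stored salt and compare in constant time."""
    record = db.get(app_id)
    if record is None:
        return False
    candidate = derive_key(presented_secret, record["salt"])
    return hmac.compare_digest(candidate, record["key"])


def simulate_restart(db: dict) -> dict:
    """A restart only reloads persisted rows; nothing is recomputed."""
    return {app_id: dict(row) for app_id, row in db.items()}


if __name__ == "__main__":
    db = {}
    secret = register_push_application(db, "app-1")  # constructed sample id
    db = simulate_restart(db)
    print("valid after restart:", verify_request(db, "app-1", secret))
    print("wrong secret:", verify_request(db, "app-1", "not-the-secret"))
```

Because the salt is persisted next to the derived key, the same master secret keeps verifying across restarts; regenerating the salt without re-deriving the stored key would invalidate every existing secret.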

