[aerogear-dev] Push server...master secrets, secrets and some refactoring proposal
Bruno Oliveira
bruno at abstractj.org
Wed Apr 16 11:39:13 EDT 2014
Chillax and feel free to ask. Master secret must be kept with our
user/developer/client, technically it will only generate a new secret
if we get a new PushApplication.
If the server is restarted the *salt* and *secret key* will still be
there in the database. So basically on the next request we execute the
following function:
keyForComparison = PBKDF2(masterSecret, salt)
Then we check against the database if the key matches the one stored
in the database. Does it make sense to you?
Karel Piwko wrote:
> Sorry for my ignorance, does it mean that if I restart application server or
> redeploy UPS, master secret will be changed?
>
> For master secret, that's not that big a concern, I believe. People just need to
> grab master secret from UPS before adding variants from CLI.
>
> But if variant secrets are recomputed as well, all existing application
> installations will cease to work!
--
abstractj
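
The check described in the message above, as an added example that is not part of the original post and is not the UnifiedPush Server's own code: only the salt and the derived key are persisted, so the same master secret still verifies after a restart. The PRF (HMAC-SHA256), iteration count, key length, record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumed parameters: the thread does not state the PRF, iteration count or key length.
ITERATIONS = 200_000
KEY_LEN = 32


def derive_key(master_secret: str, salt: bytes) -> bytes:
    """keyForComparison = PBKDF2(masterSecret, salt)"""
    return hashlib.pbkdf2_hmac("sha256", master_secret.encode(), salt, ITERATIONS, KEY_LEN)


def register_application(db: dict, app_id: str) -> str:
    """New PushApplication: persist salt and derived key, hand the secret out once."""
    master_secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    db[app_id] = {"salt": salt.hex(), "key": derive_key(master_secret, salt).hex()}
    return master_secret  # kept by the developer, never written to the database


def authenticate(db: dict, app_id: str, presented_secret: str) -> bool:
    """Recompute the key from the presented secret and the stored salt, then compare."""
    record = db.get(app_id)
    if record is None:
        # Unknown application: still pay the derivation cost so timing stays similar.
        derive_key(presented_secret, b"\x00" * 16)
        return False
    candidate = derive_key(presented_secret, bytes.fromhex(record["salt"]))
    # Constant-time comparison against the stored key.
    return hmac.compare_digest(candidate, bytes.fromhex(record["key"]))


def simulate_restart(db: dict) -> dict:
    """Stand-in for a server restart: only what was persisted survives."""
    return json.loads(json.dumps(db))


if __name__ == "__main__":
    database = {}  # hypothetical stand-in for the real database table
    secret = register_application(database, "app-1")
    database = simulate_restart(database)
    print(authenticate(database, "app-1", secret))
    print(authenticate(database, "app-1", "wrong-secret"))
```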