I am trying to set up openid in my application. I came across this plugin: http://github.com/rails/open_id_authentication/tree/master In there it says: "Alternatively, you can use the file-based store, which just relies on tmp/openids being present in RAILS_ROOT. But be aware that this store only works if you have a single application server. And it''s not safe to use across NFS" They never explain why its not safe. If NFS is used within your internal / private network what is not safe about it? I did some research and came up with nothing. Maybe someone here knows what they are talking about. Thanks! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2008-Nov-10 09:09 UTC
Re: Why is NFS insecure for storing open id sessions?
On Nov 10, 1:53 am, Ben Johnson <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> I am trying to set up openid in my application. I came across this > plugin: > > http://github.com/rails/open_id_authentication/tree/master > > In there it says: > > "Alternatively, you can use the file-based store, which just relies on > tmp/openids being present in RAILS_ROOT. But be > aware that this store only works if you have a single application > server. And it''s not safe to use across NFS" >I''d hazard a guess that "safe" refers to locking problems and so on rather than privacy concerns. Fred> They never explain why its not safe. If NFS is used within your internal > / private network what is not safe about it? > > I did some research and came up with nothing. Maybe someone here knows > what they are talking about. Thanks! > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Actually I believe NFS does file locking (I think it''d have to use locking to prevent contention between multiple devices). I think that really what the Author is saying is that NFS traffic is transmitted in the clear. So if the network for NFS is viewable by others, they''d get your secure data just by sniffing the network. I''d bet they assume your NFS mount is across a public network. -Dale On Nov 10, 3:09 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Nov 10, 1:53 am, Ben Johnson <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> > wrote:> I am trying to set up openid in my application. I came across this > > plugin: > > >http://github.com/rails/open_id_authentication/tree/master > > > In there it says: > > > "Alternatively, you can use the file-based store, which just relies on > > tmp/openids being present in RAILS_ROOT. But be > > aware that this store only works if you have a single application > > server. And it''s not safe to use across NFS" > > I''d hazard a guess that "safe" refers to locking problems and so on > rather than privacy concerns. > > Fred > > > They never explain why its not safe. If NFS is used within your internal > > / private network what is not safe about it? > > > I did some research and came up with nothing. Maybe someone here knows > > what they are talking about. Thanks! > > -- > > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2008-Nov-11 13:09 UTC
Re: Why is NFS insecure for storing open id sessions?
On 11 Nov 2008, at 12:53, Dale wrote:> > Actually I believe NFS does file locking (I think it''d have to use > locking to prevent contention between multiple devices). >Quite possibly, but I wouldn''t bet that the file based store is doing that locking. The easiest way might be to ask on the rails-core list for clarification (would have thought it was fair game if it''s hosted at rails'' github account. Fred> I think that really what the Author is saying is that NFS traffic is > transmitted in the clear. So if the network for NFS is viewable by > others, they''d get your secure data just by sniffing the network. I''d > bet they assume your NFS mount is across a public network. > -Dale > > On Nov 10, 3:09 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> > wrote: >> On Nov 10, 1:53 am, Ben Johnson <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> >> wrote:> I am trying to set up openid in my application. I came >> across this >>> plugin: >> >>> http://github.com/rails/open_id_authentication/tree/master >> >>> In there it says: >> >>> "Alternatively, you can use the file-based store, which just >>> relies on >>> tmp/openids being present in RAILS_ROOT. But be >>> aware that this store only works if you have a single application >>> server. And it''s not safe to use across NFS" >> >> I''d hazard a guess that "safe" refers to locking problems and so on >> rather than privacy concerns. >> >> Fred >> >>> They never explain why its not safe. If NFS is used within your >>> internal >>> / private network what is not safe about it? >> >>> I did some research and came up with nothing. Maybe someone here >>> knows >>> what they are talking about. Thanks! >>> -- >>> Posted viahttp://www.ruby-forum.com/. > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---