This is a catch-all for v1 session management security work, largely inspired by the OWASP Session Management Cheat Sheet.

- If we get a 500 during session create (e.g., due to a duplicate key, which should be impossible), make sure we're not leaking info in the error message about the nature of the failure.
- Review the cheat sheet and figure out what's missing.
- Server side: log session lifetime.
- Scope sessions to the same source IP (and maybe other request properties).
- Server side: prevent DoS by unauthenticated clients spamming random session ids. This one deserves more explanation. I'm a little worried that if even unauthenticated requests hit CockroachDB, it's easy to DoS the control plane by just hammering Nexus with unauthenticated requests. We could mitigate this in a lot of ways. The easiest one I can think of is to severely throttle clients that have made more than a handful of requests with bogus session ids in the last few minutes. It seems like we could be very aggressive about this because well-behaved clients should rarely make requests with bogus session ids. Other ideas might be: use a separate CockroachDB cluster for this, or use a separate mechanism altogether.
- Consider specifying a particular CSPRNG for token generation instead of `rand::StdRng` (currently ChaCha12).
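As an added example (not code from this issue or from the Nexus codebase), here is the throttling idea from the list above, together with the source-IP scoping item, written against an in-memory stand-in for the session table. The throttle is consulted before any lookup, so once a client has burned its budget of unknown session ids its requests never reach the database. The names `SessionStore` and `BogusSessionThrottle`, the 120-second window and the budget of 5 bogus ids are assumptions chosen for illustration, not values from the project.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::{Duration, Instant};

/// Result of presenting a session token, in the order the checks run.
#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    /// Client exceeded its budget of bogus session ids; rejected before any lookup.
    Throttled,
    /// Token is not a session we issued (counts against the client's budget).
    NoSuchSession,
    /// Token is real but presented from a different source IP than it was created from.
    SourceMismatch,
    Authenticated,
}

/// What we remember about an issued session (stands in for a database row).
pub struct Session {
    pub source: IpAddr,
    pub created: Instant,
}

/// Per client IP, the recent requests that carried an unknown session id.
/// Hypothetical helper; window and budget are assumptions for illustration.
pub struct BogusSessionThrottle {
    window: Duration,
    max_bogus: usize,
    hits: HashMap<IpAddr, Vec<Instant>>,
}

impl BogusSessionThrottle {
    pub fn new(window: Duration, max_bogus: usize) -> Self {
        Self { window, max_bogus, hits: HashMap::new() }
    }

    /// Drop hits that fell out of the window and return how many remain.
    fn recent(&mut self, client: IpAddr, now: Instant) -> usize {
        match self.hits.get_mut(&client) {
            None => 0,
            Some(v) => {
                v.retain(|t| now.duration_since(*t) < self.window);
                v.len()
            }
        }
    }

    pub fn is_throttled(&mut self, client: IpAddr, now: Instant) -> bool {
        self.recent(client, now) >= self.max_bogus
    }

    pub fn record_bogus(&mut self, client: IpAddr, now: Instant) {
        // Prune first so a single client cannot grow its vector without bound.
        self.recent(client, now);
        self.hits.entry(client).or_default().push(now);
    }
}

/// In-memory stand-in for the session table plus the throttle in front of it.
pub struct SessionStore {
    sessions: HashMap<String, Session>,
    throttle: BogusSessionThrottle,
}

impl SessionStore {
    pub fn new(window: Duration, max_bogus: usize) -> Self {
        Self { sessions: HashMap::new(), throttle: BogusSessionThrottle::new(window, max_bogus) }
    }

    pub fn insert(&mut self, token: &str, source: IpAddr, now: Instant) {
        self.sessions.insert(token.to_string(), Session { source, created: now });
    }

    pub fn authenticate(&mut self, token: &str, source: IpAddr, now: Instant) -> Outcome {
        // 1. Cheap in-memory check first: a throttled client never reaches the lookup.
        if self.throttle.is_throttled(source, now) {
            return Outcome::Throttled;
        }
        // 2. Look the token up (the database round trip in the real system).
        let session = match self.sessions.get(token) {
            Some(s) => s,
            None => {
                self.throttle.record_bogus(source, now);
                return Outcome::NoSuchSession;
            }
        };
        // 3. Scope the session to the source IP it was created from.
        if session.source != source {
            return Outcome::SourceMismatch;
        }
        Outcome::Authenticated
    }
}

fn main() {
    // Constructed demo: one client hammering the store with made-up session ids.
    let now = Instant::now();
    let attacker: IpAddr = "198.51.100.7".parse().unwrap();
    let mut store = SessionStore::new(Duration::from_secs(120), 5);
    for i in 0..7 {
        let outcome = store.authenticate(&format!("bogus-{}", i), attacker, now);
        println!("attempt {}: {:?}", i, outcome);
    }
}
```

A request that presents a real token from the wrong source IP is refused but is not counted as bogus, so a legitimate user whose session was replayed elsewhere is not throttled on their own requests; once the window passes with no further bogus ids the client's budget is restored.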