tags:

views:

32

answers:

1
Q: 

How to process Oauth nonces on the server side ?

I am writing the provider part of the OAuth protocol on the serverside and I'm cracking my ahead over how much of the nonces sent by OAuth consumers that I need to cache.

According to twitter's docs,

Twitter will only allow a nonce to be used once by your application. Prevents replayed requests.

The question: My implementation will just simply add each nonces received into memcached. But this will take up a lot of memory space. How much of the nonces should I ideally cache and for how long ?

A: 

Nonces only need to be unique for all requests using the same timestamp. You should deny requests with a timestamp older then 5 minutes so you only need to store nonces for 5 minutes.

http://tools.ietf.org/html/rfc5849#section-3.3

abraham  2010-09-18 22:26:57

related questions

What considerations should be made before reinventing the wheel?
Is "RTFM" counter-productive?
Best Way to Begin Learning Web Application Design
Non Public Members for C# Interfaces
Where is a good place to find a talented web designer?
How do you begin designing a large system?
Is Single Responsibility Principle a rule of OOP?
Looking for example of Command pattern for UI
Are there good resources on federated software?
Class designer
Resources on wordpress theme-development
Designing a Calendar system like Google Calendar
Design debate: what are good ways to store and manipulate versioned objects?
Good Resources for Relational Database Design
What are the best resources on designing a new language?
Personalized icon next to the URL address in the browser's address bar?
Generating Icon Files
Best WYSIWYG CSS editor?
MVC pattern question: Who has what? who calls what?
Javascript and PHP - Login Script with hidden buttons
Icons: How does a developer with no design skill make his/her application icons look pretty?
What are you using for Web UI/layout design?
What programs do you use to create graphic images?
Folders or Projects in a Visual Studio Solution?
How do you test layout design across multiple browsers/OSs?