Forum: Ruby on Rails Why is NFS insecure for storing open id sessions?

Ben J. (Guest)
on 2008-11-10 03:53
I am trying to set up openid in my application. I came across this
plugin:

http://github.com/rails/open_id_authentication/tree/master

In there it says:

"Alternatively, you can use the file-based store, which just relies on
tmp/openids being present in RAILS_ROOT. But be
aware that this store only works if you have a single application
server. And it's not safe to use across NFS"

They never explain why it's not safe. If NFS is used within your internal
/ private network what is not safe about it?

I did some research and came up with nothing. Maybe someone here knows
what they are talking about. Thanks!
Frederick C. (Guest)
on 2008-11-10 11:11
(Received via mailing list)
On Nov 10, 1:53 am, Ben J. <removed_email_address@domain.invalid>
wrote:
> server. And it's not safe to use across NFS"
>
I'd hazard a guess that "safe" refers to locking problems and so on
rather than privacy concerns.

Fred
Dale (Guest)
on 2008-11-11 14:54
(Received via mailing list)
Actually I believe NFS does file locking (I think it'd have to use
locking to prevent contention between multiple devices).

I think that really what the author is saying is that NFS traffic is
transmitted in the clear. So if the network for NFS is viewable by
others, they'd get your secure data just by sniffing the network. I'd
bet they assume your NFS mount is across a public network.
-Dale

Frederick C. (Guest)
on 2008-11-11 15:10
(Received via mailing list)
On 11 Nov 2008, at 12:53, Dale wrote:

>
> Actually I believe NFS does file locking (I think it'd have to use
> locking to prevent contention between multiple devices).
>
Quite possibly, but I wouldn't bet that the file based store is doing
that locking. The easiest way might be to ask on the rails-core list
for clarification (would have thought it was fair game if it's hosted
at rails' github account).

Fred
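
To make the "locking problems" guess in this thread concrete, here is an added example (not the plugin's code and not from any poster): a hypothetical file-backed store for a one-time value such as a response nonce, showing how check-then-write lets two application servers both accept the same value, next to an atomic exclusive create. The class, method names and sample nonces are assumptions made for illustration.

```ruby
require "tmpdir"
require "digest"

# Hypothetical file-backed store for one-time values (e.g. response nonces).
# A value may be accepted once; a second acceptance means a replay got through.
class FileNonceStore
  def initialize(dir)
    @dir = dir
  end

  def path_for(nonce)
    File.join(@dir, Digest::SHA256.hexdigest(nonce))
  end

  # Racy variant, step 1: a separate lookup answers "have we seen it?".
  def unseen?(nonce)
    !File.exist?(path_for(nonce))
  end

  # Racy variant, step 2: record it. Nothing ties this write to the lookup.
  def record(nonce)
    File.write(path_for(nonce), Time.now.to_i.to_s)
  end

  # Atomic variant: CREAT|EXCL makes the check and the creation one operation,
  # so exactly one caller succeeds and every other caller gets EEXIST.
  # Caveat: this depends on the filesystem honouring O_EXCL; open(2) documents
  # that on NFS it needs NFSv3 or later (and Linux kernel 2.6 or later).
  def use_once(nonce)
    File.open(path_for(nonce), File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(Time.now.to_i.to_s)
    end
    true
  rescue Errno::EEXIST
    false
  end
end

# Two app servers (A and B) are handed the same value; nonces are constructed.
def replay_demo
  Dir.mktmpdir do |dir|
    store = FileNonceStore.new(dir)
    nonce = "2008-11-10T01:53:00Zabc123" # constructed sample
    a_ok = store.unseen?(nonce)          # A checks
    b_ok = store.unseen?(nonce)          # B checks before A has written
    store.record(nonce) if a_ok
    store.record(nonce) if b_ok
    atomic = [store.use_once("constructed-2"), store.use_once("constructed-2")]
    { racy: [a_ok, b_ok], atomic: atomic }
  end
end
```

In `replay_demo` the racy path accepts the value for both servers, while the exclusive create accepts it once and rejects the repeat.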