Why is NFS insecure for storing open id sessions?


#1

I am trying to set up openid in my application. I came across this
plugin:

In there it says:

“Alternatively, you can use the file-based store, which just relies on
tmp/openids being present in RAILS_ROOT. But be
aware that this store only works if you have a single application
server. And it’s not safe to use across NFS”

They never explain why it’s not safe. If NFS is used within your internal
/ private network what is not safe about it?

I did some research and came up with nothing. Maybe someone here knows
what they are talking about. Thanks!


#2

On Nov 10, 1:53 am, Ben J. removed_email_address@domain.invalid
wrote:

server. And it’s not safe to use across NFS"

I’d hazard a guess that “safe” refers to locking problems and so on
rather than privacy concerns.

Fred


#3

Actually I believe NFS does file locking (I think it’d have to use
locking to prevent contention between multiple devices).

I think that really what the author is saying is that NFS traffic is
transmitted in the clear. So if the network for NFS is viewable by
others, they’d get your secure data just by sniffing the network. I’d
bet they assume your NFS mount is across a public network.
-Dale



#4

On 11 Nov 2008, at 12:53, Dale wrote:

Actually I believe NFS does file locking (I think it’d have to use
locking to prevent contention between multiple devices).

Quite possibly, but I wouldn’t bet that the file-based store is doing
that locking. The easiest way might be to ask on the rails-core list
for clarification (would have thought it was fair game if it’s hosted
at rails’ GitHub account).

Fred
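
Added example (not part of the thread and not the plugin's code): what "doing that locking" could look like for a file-based store kept in a directory such as tmp/openids. `LockedFileStore`, its methods and the key format are hypothetical; the sketch relies on `flock` advisory locks, which only help when every process touching the directory takes them and the filesystem honours them across hosts.

```ruby
require "fileutils"

# Hypothetical file-based store (an assumption for illustration):
# one file per key under a directory such as tmp/openids.
class LockedFileStore
  def initialize(dir)
    @dir = dir
    FileUtils.mkdir_p(@dir)
  end

  # Read-modify-write under an exclusive advisory lock. Yields the current
  # contents ("" for a new entry) and stores whatever the block returns.
  def update(key)
    File.open(path(key), File::RDWR | File::CREAT, 0o600) do |f|
      f.flock(File::LOCK_EX)   # blocks until other holders release
      current = f.read
      updated = yield(current).to_s
      f.rewind
      f.write(updated)
      f.flush
      f.truncate(f.pos)        # drop leftovers from a longer old value
      updated
    end                        # closing the file releases the lock
  end

  def read(key)
    File.open(path(key), File::RDONLY) do |f|
      f.flock(File::LOCK_SH)   # readers wait for an in-progress writer
      f.read
    end
  rescue Errno::ENOENT
    nil
  end

  private
  def path(key)
    # Keep keys from escaping the store directory.
    raise ArgumentError, "bad key" unless key.match?(/\A[A-Za-z0-9_-]+\z/)
    File.join(@dir, key)
  end
end

# Constructed workload: several writers bump one counter entry.
def concurrent_increments(store, key, writers, rounds)
  writers.times.map {
    Thread.new { rounds.times { store.update(key) { |v| v.to_i + 1 } } }
  }.each(&:join)
  store.read(key).to_i
end
```

Without the `LOCK_EX` call two writers can read the same old value and one update is lost; a store that never takes the lock gets no protection from the filesystem supporting it.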