[erlang-questions] Secure sessions in Cowboy
Lloyd R. Prentice
lloyd@REDACTED
Thu Apr 17 05:37:12 CEST 2014
Hello,
A few years ago Joe Armstrong kicked off a wonderful discussion of web authentication on erlang-questions (Thu Jul 7 21:29:23 CEST 2011). Fred Hébert contributed an outstanding Quick Guide (Thu Jul 7 22:04:58 CEST 2011). Now I'm near the scary point of having to write real code to manage secure sessions. I'd be very grateful if some kind soul could take a look at my outline below and point out, if any, the errors of my ways:
CREATE CREDENTIALS
1. Log-in and session under SSL
2. Encrypt and store password - considering Hébert's erlpass for password management; DETS for credentials storage
SESSION MANAGEMENT
1. Limit number of log-in attempts; resume after time delay
2. Time-limited cookies to manage sessions
3. Session state - store in process or ETS?
4. Append unique tokens to forms
Are there better options for any step? Am I missing anything?
Many thanks,
LRP
Sent from my iPad
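The session-management steps in the outline above (limited log-in attempts with a delay, time-limited session cookies, session state in ETS, and unique per-form tokens), worked through as an added Erlang example. This is not code from the original post, from Cowboy, or from erlpass; the module name `session_demo`, the table names, and the TTL, attempt and lockout constants are assumptions. Password hashing is left to erlpass and the Cowboy request plumbing (reading and setting the cookie) is left to the handler; this module only holds the state and the checks a handler would call.

```erlang
%% session_demo.erl: added example, not from the original post or from Cowboy.
%% Opaque session tokens with an expiry kept in ETS, log-in throttling with a
%% lockout window, and single-use form tokens bound to a session.
%% Constants and names below are assumptions for the demo.
-module(session_demo).
-export([init/0, login_allowed/1, record_failure/1, clear_failures/1,
         new_session/1, lookup_session/1, new_form_token/1, check_form_token/2,
         demo/0]).

-define(SESSION_TTL, 1800).   %% seconds a session stays valid (assumed)
-define(MAX_ATTEMPTS, 5).     %% failed log-ins before lockout (assumed)
-define(LOCKOUT, 300).        %% seconds a locked account must wait (assumed)

%% ETS tables die with their owner process; in a real system create them from
%% a supervised process, not from a request handler. Expired rows are removed
%% lazily on lookup here; a periodic sweep would be needed in production.
init() ->
    ets:new(sessions, [named_table, public, set]),
    ets:new(attempts, [named_table, public, set]),
    ets:new(form_tokens, [named_table, public, set]),
    ok.

now_s() -> erlang:monotonic_time(second).

%% 256-bit random token rendered as hex so it is safe inside a cookie value.
token() ->
    Bytes = crypto:strong_rand_bytes(32),
    iolist_to_binary([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bytes]).

%% Step 1: limit log-in attempts per account; resume once the lockout passes.
login_allowed(Account) ->
    case ets:lookup(attempts, Account) of
        [{_, Count, LockedUntil}] when Count >= ?MAX_ATTEMPTS ->
            case now_s() >= LockedUntil of
                true  -> ets:delete(attempts, Account), true;  %% lockout expired
                false -> false
            end;
        _ -> true
    end.

record_failure(Account) ->
    Count = case ets:lookup(attempts, Account) of
                [{_, C, _}] -> C + 1;
                []          -> 1
            end,
    LockedUntil = case Count >= ?MAX_ATTEMPTS of
                      true  -> now_s() + ?LOCKOUT;
                      false -> 0
                  end,
    ets:insert(attempts, {Account, Count, LockedUntil}),
    Count.

clear_failures(Account) -> ets:delete(attempts, Account), ok.

%% Steps 2 and 3: time-limited session, keyed by the opaque cookie value.
new_session(Account) ->
    Token = token(),
    ets:insert(sessions, {Token, Account, now_s() + ?SESSION_TTL}),
    Token.

lookup_session(Token) ->
    case ets:lookup(sessions, Token) of
        [{_, Account, Expiry}] ->
            case now_s() < Expiry of
                true  -> {ok, Account};
                false -> ets:delete(sessions, Token), expired
            end;
        [] -> not_found
    end.

%% Step 4: per-form token bound to the session and consumed on first check,
%% so a token from another session or a replayed form is rejected.
new_form_token(SessionToken) ->
    FormToken = token(),
    ets:insert(form_tokens, {FormToken, SessionToken}),
    FormToken.

check_form_token(SessionToken, FormToken) ->
    case ets:take(form_tokens, FormToken) of
        [{_, SessionToken}] -> ok;   %% matches only the bound session
        _                   -> invalid
    end.

%% Walk through the four steps with a constructed account name.
demo() ->
    ok = init(),
    true = login_allowed(<<"alice">>),
    [record_failure(<<"alice">>) || _ <- lists:seq(1, ?MAX_ATTEMPTS)],
    false = login_allowed(<<"alice">>),        %% locked out after 5 failures
    ok = clear_failures(<<"alice">>),          %% e.g. after a successful log-in
    S = new_session(<<"alice">>),
    {ok, <<"alice">>} = lookup_session(S),
    not_found = lookup_session(<<"bogus">>),
    F = new_form_token(S),
    ok = check_form_token(S, F),
    invalid = check_form_token(S, F),          %% single use
    ok.
```

Run it with `erlc session_demo.erl && erl -noshell -s session_demo demo -s init stop`. A Cowboy handler would read the cookie, call `lookup_session/1`, and on `expired` or `not_found` clear the cookie and redirect to the log-in page; on log-in it would check `login_allowed/1` before touching erlpass, call `record_failure/1` on a bad password and `clear_failures/1` plus `new_session/1` on a good one.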