Comment 2 for bug 1202952
Revision history for this message
| Adam Young (ayoung) wrote Re: PKI tokens are never revoked using memcache token backend | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Looks legitimate. A quick check of the code shows that we do not test the format of the revocation list for each of the backends, but merely that the ID in is the same as the revoked ID, which would mask this issue.
The memcached backend already has a serious and public failing in that it is not persisted over reboots. As such, using the memcahced backend for tokens is probably a bad choice.
One solution to both problems would be to have the revocation list always stored in SQL.