-
Notifications
You must be signed in to change notification settings - Fork 781
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add namespace value to TokenRedis source #584
Conversation
This looks like a convention, rather than something fundamental to redis? That makes me cautious about adding it, as not everyone might follow that convention. Why can't users include this prefix in the token themselves? |
@CendioOssman Thank you for such a quick response!
Yes, you are right, this is not a built-in redis feature. But, as far as my experience suggests, this is a fairly common practice.
Because namespace is some kind of abstraction for redis, and users do not need to know about the internal structure of keys. Perhaps the example will make it clearer what I mean. I have a small application that provides noVNC with access to machines. One way or another, the user receives a token that uniquely identifies a specific virtual machine. By specifying this token, the user can connect:
Tokens are stored in redis, which is used by several other services, and if we want to separate the keys of one application from another, then we need to add a prefix to the key. In this case, the connection will look like this:
The presence of a prefix directly in the key seems at least strange, and at most unsafe. Therefore, in my application I use a plugin that adds this functionality. This PR was created because it is useful and does not break backward compatibility. Regardless of whether this PR is accepted or not, I want to say that the noVNC project is really very cool. Thank you :) |
Ah, yes. The security aspect is a good point. You need to be able to keep that out of end user control. I quickly googled redis and namespaces, and it does seem to be a strong convention, encouraged by the redis people themselves: https://redis.io/blog/5-key-takeaways-for-developing-with-redis/ So I think it's reasonable for us to follow that convention as well. The links above point out one concerning thing, though. The namespace can be multiple levels deep. And they also use |
@CendioOssman I really didn't think about nested namespaces! I see three possible solutions:
Which solution do you consider preferable? |
I'm afraid I'm not familiar with redis, so I don't know how much of a limitation not supporting it would be. We could skip it for now, as long as we have an opening for adding it in the future. And I don't see anything in your code that would prevent is from doing 1. or 2. in the future. |
I would like to implement the first option. I will come back to you with a solution :) |
Thanks for waiting! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Thanks for your hard work!
I suggest adding a new 'namespace' parameter to the TokenRedis plugin. This is useful when multiple clients use the same Redis instance.
Another parameter has been added to src and now the source format is as follows:
host[:port[:db[:password[:namespace]]]]
All changes are covered by tests, and the old ones are updated.