#1 2017-03-18 21:52:28

DKA
Member
Registered: 2016-07-05
Posts: 39

Restfull authentication : Best pattern for registering a new user

Hi,

I really like the "mORMot secure RESTful authentication".

But how to allow users to create their account and avoid DDOS Attack. In the "mORMot secure RESTful authentication", there is a secret shared between Server and client. But when the user doen't exist (he is creating an account), how to prevent replay attack by a MIM user?

Does something like this already handled by Mormot ?
  1 - The user authenticate via OAuth.
  2 - The server send a mail with a link (available for 1 hour for example).
  3 - The user click the clink and validate his account

Any advice?
Thanks.

Offline

#2 2017-03-19 08:38:41

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,686
Website

Re: Restfull authentication : Best pattern for registering a new user

There is something similar to it in the ddd\user folder of the framework.

Offline

#3 2017-03-24 16:05:49

DKA
Member
Registered: 2016-07-05
Posts: 39

Re: Restfull authentication : Best pattern for registering a new user

Thanks Ab. I checked it, but I'm confused without example.

I will read the doc again and try to fix my problem.

Offline

#4 2017-03-24 17:21:05

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,686
Website

Re: Restfull authentication : Best pattern for registering a new user

Check the regression tests.

Offline

Board footer

Powered by FluxBB