From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id D1F7E7FBF0 for ; Fri, 18 Dec 2015 17:52:51 +0100 (CET) IronPort-PHdr: 9a23:AlfE2RM5mqxI35IJQdcl6mtUPXoX/o7sNwtQ0KIMzox0KPXzrarrMEGX3/hxlliBBdydsKIazbGL+PG4EUU7or+/81k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i760zceF13FOBZvIaytQ8iJ35rxjL35qsWbSj4LrQT+SIs6FA+xowTVu5teqqpZAYF19CH0pGBVcf9d32JiKAHbtR/94sCt4MwrqHwI6LoJvvRNWqTifqk+UacQTHF/azh0t/vQqALbQACTynwZW2QQ2loUUkmWpC39C6tvqLX5/sdxxyicdZn7Qa81X3en6+JsQxbtjA8KKzkj92KRjMFs2vF1uhWk8jZl3ojTKK2YOvdkZKrHfJtOWHZATMFafyNEC4K4KYAICrxSbq5js4Dhqg5W/lOFDg62Cbaql2ZF Authentication-Results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=utizoc@gmail.com; spf=Pass smtp.mailfrom=utizoc@gmail.com; spf=None smtp.helo=postmaster@mail-qg0-f52.google.com Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of utizoc@gmail.com) identity=pra; client-ip=209.85.192.52; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="utizoc@gmail.com"; x-sender="utizoc@gmail.com"; x-conformance=sidf_compatible Received-SPF: Pass (mail3-smtp-sop.national.inria.fr: domain of utizoc@gmail.com designates 209.85.192.52 as permitted sender) identity=mailfrom; client-ip=209.85.192.52; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="utizoc@gmail.com"; x-sender="utizoc@gmail.com"; x-conformance=sidf_compatible; x-record-type="v=spf1" Received-SPF: None (mail3-smtp-sop.national.inria.fr: no sender authenticity information available from domain of postmaster@mail-qg0-f52.google.com) identity=helo; client-ip=209.85.192.52; receiver=mail3-smtp-sop.national.inria.fr; envelope-from="utizoc@gmail.com"; x-sender="postmaster@mail-qg0-f52.google.com"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BgAADOOHRWlDTAVdFeAYQLbQaCZYEvpgEJAQaBDYIbK4USjDYhhWwCgTMHPBABAQEBAQEBARABAQEBBwsLCR8wgi2CBwEBAQMBDAYRHQEUBxILAQMBCwYDAgsNDR0CAiIBEQEFAQoSBgwHEgkHh3cBAwoIDo4pj06BMT4xi0iBaoJ5iA8KGScDClaDPwEBAQEBAQEDAQEBAQEBFwEFDoYAhUaEQgJEgm+BSQWGGwyMYYN3hTuID4FcSZcQgicSJIEXESiCLyOBdyQ0AYNGgUoBAQE X-IPAS-Result: A0BgAADOOHRWlDTAVdFeAYQLbQaCZYEvpgEJAQaBDYIbK4USjDYhhWwCgTMHPBABAQEBAQEBARABAQEBBwsLCR8wgi2CBwEBAQMBDAYRHQEUBxILAQMBCwYDAgsNDR0CAiIBEQEFAQoSBgwHEgkHh3cBAwoIDo4pj06BMT4xi0iBaoJ5iA8KGScDClaDPwEBAQEBAQEDAQEBAQEBFwEFDoYAhUaEQgJEgm+BSQWGGwyMYYN3hTuID4FcSZcQgicSJIEXESiCLyOBdyQ0AYNGgUoBAQE X-IronPort-AV: E=Sophos;i="5.20,446,1444687200"; d="scan'208";a="157636650" Received: from mail-qg0-f52.google.com ([209.85.192.52]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 18 Dec 2015 17:52:50 +0100 Received: by mail-qg0-f52.google.com with SMTP id p62so7273822qge.1 for ; Fri, 18 Dec 2015 08:52:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Ipski3v/CgszEdL8/bWhTiFAqv0P7b5Ig6xmP/7yp8s=; b=cyXrFP+lNUZlyyQgdqpN/G7dueW+2zDbAtgNm6Wdfc3bOgOurRh2qRCa3n5LrZAdee PP4EmAkQFvxCtO4CSfZpbLw8P+/7awTexEsrHFdcuKOPNFrB5F74lPs4+c/B2iUq9zrp erUOvQqxGHVTEklpU+NWDzIR5+Q+TvS7VQp60ADQzFS0Dfrtn4nQ+dTj0eV7TkK6ojMH jlLjGKgV42fvfXBiFNFa2lli4YaPWy4R65TXq9xXUxRknazTpsx6YA39F5jTRHB8R6Wj bpFmIECjliFcSIdmtdO0UNEJppv8TMujv0Rt238at94fqBpnug4j+7o/irXWDzAyZRqK PeXw== MIME-Version: 1.0 X-Received: by 10.140.230.8 with SMTP id a8mr6848338qhc.31.1450457569190; Fri, 18 Dec 2015 08:52:49 -0800 (PST) Received: by 10.140.104.241 with HTTP; Fri, 18 Dec 2015 08:52:49 -0800 (PST) In-Reply-To: <56742C6F.4060905@etorok.net> References: <56742C6F.4060905@etorok.net> Date: Fri, 18 Dec 2015 13:52:49 -0300 Message-ID: From: Bruno Deferrari To: =?UTF-8?B?VMO2csO2ayBFZHdpbg==?= Cc: caml-list@inria.fr Content-Type: multipart/alternative; boundary=001a113775382c673605272ef87c Subject: Re: [Caml-list] ANN: ocaml-session --001a113775382c673605272ef87c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, Dec 18, 2015 at 12:55 PM, T=C3=B6r=C3=B6k Edwin wrote: > On 12/17/2015 08:51 PM, Spiros Eliopoulos wrote: > > Hey List, > > > > I'm happy to announce the initial release of ocaml-session: > > > > https://github.com/inhabitedtype/ocaml-session > > > > ocaml-session is an session manager that handles cookie headers and > backend storage for HTTP servers. The library supports CoHTTP and > Webmachine; Async and Lwt; and pluggable backing stores based on a functor > interface. > > Nice! > > > > > The library ships with an in-memory backend (for development and > testing) and a postgresql-ocaml[0] based backend. > > How about signed cookies as a storage backend? > Python Flask and Django can use it to store session entirely in the > cookies with an hmac signature and expiration time, so your server can be > entirely stateless. > As long as the amount of data in your session is small, and all you need > is authenticated data (and not secret data) I think its quite an elegant > solution, > and more fitting with a functional style. > > Now of course comes the question Cryptokit or nocrypto :) > > [1] http://werkzeug.pocoo.org/docs/0.11/contrib/securecookie/ > [2] https://docs.djangoproject.com/en/1.9/topics/http/sessions/ > [3] http://pythonhosted.org/itsdangerous/ > > Here is a basic implementation of something similar to itsdangerous I wrote a few days ago for a project I'm working on, it uses nocrypto: https://gist.github.com/tizoc/975bfac960d7e5c60232 With a bit of work it could become an opam package. > > -- > Edwin T=C3=B6r=C3=B6k | Co-founder and Lead Developer > > Skylable open-source object storage: reliable, fast, secure > http://www.skylable.com > > -- > Caml-list mailing list. Subscription management and archives: > https://sympa.inria.fr/sympa/arc/caml-list > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs > --=20 BD --001a113775382c673605272ef87c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Fri, Dec 18, 2015 at 12:55 PM, T=C3=B6r=C3=B6k Edwin <edwin+ml-ocaml@etorok.net> wrote:
On = 12/17/2015 08:51 PM, Spiros Eliopoulos wrote:
> Hey List,
>
> I'm happy to announce the initial release of ocaml-session:
>
>=C2=A0 =C2=A0https://github.com/inhabitedtype/ocam= l-session
>
> ocaml-session is an session manager that handles cookie headers and ba= ckend storage for HTTP servers. The library supports CoHTTP and Webmachine;= Async and Lwt; and pluggable backing stores based on a functor interface.<= br>
Nice!

>
> The library ships with an in-memory backend (for development and testi= ng) and a postgresql-ocaml[0] based backend.

How about signed cookies as a storage backend?
Python Flask and Django can use it to store session entirely in the cookies= with an hmac signature and expiration time, so your server can be entirely= stateless.
As long as the amount of data in your session is small, and all you need is= authenticated data (and not secret data) I think its quite an elegant solu= tion,
and more fitting with a functional style.

Now of course comes the question Cryptokit or nocrypto :)

[1] http://werkzeug.pocoo.org/docs/0.11/con= trib/securecookie/
[2] https://docs.djangoproject.com/en/1.9= /topics/http/sessions/
[3] http://pythonhosted.org/itsdangerous/


Here is a basic implementation of something similar to its= dangerous I wrote a few days ago for a project I'm working on, it uses = nocrypto:



--
Edwin T=C3=B6r=C3=B6k | Co-founder and Lead Developer

Skylable open-source object storage: reliable, fast, secure
ht= tp://www.skylable.com

--
Caml-list mailing list.=C2=A0 Subscription management and archives:
https://sympa.inria.fr/sympa/arc/caml-list
Beginner's list: http://groups.yahoo.com/group/ocam= l_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs



--
=
BD
--001a113775382c673605272ef87c--