时钟偏差和令牌 [英] Clock skew and tokens

查看:21
本文介绍了时钟偏差和令牌的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要帮助来了解时钟偏差的工作原理.我们定义时钟偏差来处理两方之间的时间变化.但是,我的困惑是:

I need help to understand how clock skew works. We define clock skew to deal with time variation between two parties. But, my confusion is:

  1. 我们拥有令牌本身的所有信息,例如令牌创建时间和到期时间
  2. 可以验证令牌
  3. 令牌在服务器上创建

那么,为什么我们需要时钟偏差?谁能给我举个例子说明它是如何工作的,以及它在哪些情况下会导致问题或好处?

So, why do we need clock skew? Can anyone give me the example for how it works and in which scenarios it can cause problems or benefits?

推荐答案

让我们考虑一个短期访问令牌.当我向服务器发出请求时,服务器将检查我的令牌是否已过期.它如何检查它是否知道令牌何时创建以及现在是什么时间.大多数访问令牌会在一个小时后过期,但这实际上取决于它在身份验证服务器中的设置方式.因此,如果令牌是在一个多小时前创建的,则它已过期,并且会通知用户.这就是我们尝试确保服务器与 NTP 同步的原因.

Lets consider a short lived access token. When I make a request to a server the server will check to see if my token has expired. How does it check that well it knows when the token was created and it knows what time it is now. Most access tokens expire after an hour but it really depends on how it was set up in the auth server. So if the token was created more than an hour ago its expired and the user is informed of that. This is why we try to ensure that servers are in sync with NTP.

让我们首先考虑什么是时钟偏差.如果我们有两个身份验证服务器怎么办?你怎么知道他们会有相同的时间?如果他们实际上差了几分钟怎么办.一台服务器将返回令牌已过期,而另一台则不会.如果您是一家小公司,这可能无关紧要.

Lets consider first what exactly is clock skew. What if we have two auth servers? How do you know that they will have the same time? What if they are in fact off by a few minutes. One server will return that the token has expired and the other wont. If you are a small company this probably doesn't matter.

现在考虑一下您是否是一家在全球拥有服务器的大型搜索引擎公司.假设它是 2016 年的秋天,夏令时开始了.现在你有一些服务器在一个时间运行,而其他服务器在另一个时间运行.也许只是也许某个国家/地区决定在开始夏令时时进行更改,并且大量代币无缘无故失效.免责声明我不为上述搜索引擎公司工作.我只是看着这件事发生,这是我对发生的事情的理论.

Now consider if you are a big search engine company with servers all around the world. Lets say its the fall of 2016 and daylight savings time kicks in. Now you have some servers running on one time and others running at another. Maybe just maybe some country decides to change when they start daylight savings time and boom a bunch of tokens get invalidated for no reason. disclaimer I do not work for said search engine company. I just watched this happen and this is my theory as to what happened.

为什么我们需要时钟偏差.

Why do we need clock skew.

您不需要它,但如果您有两个身份验证服务器,则可以拥有它.所以你可能应该处理它.https://softwareengineering.stackexchange.com/a/245182/160992

You dont need it it but if you have two auth servers you could have it. So you should probably deal with it. https://softwareengineering.stackexchange.com/a/245182/160992

这篇关于时钟偏差和令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆