I’m building a web app that will use OAuth to access the API. In this case, the client will sign a request with a private key and the web service will verify that signature against the public cert on record.
In order to remove man-in-the-middle issues, I’ll be storing nonces for a period of 10 minutes (GMT - 0005 to GMT + 0005).
I am thinking I can use a SQLite in-memory DB, or a dictionary, or perhaps an array of Nonce objects.
I need to use 3 components for the nonce: the oAuthToken, timestamp & nonce. I am concerned about memory management with these options, where I will be deleting nonces past their TTL.
Your opinions will be gratefully received.
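
An added example, not part of the original post: one way to build the dictionary-style option so that expired entries are removed without scanning the whole store. It keys on the three components named in the question and uses the ±5 minute window. The post names no language, so Python is used here; `NonceCache` and `check_and_store` are hypothetical names, and timestamps are assumed to be Unix seconds.

```python
import heapq
import threading
import time

WINDOW_SECONDS = 300  # +/- 5 minutes around server time, as in the post


class NonceCache:
    """In-memory replay cache keyed on (token, timestamp, nonce)."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self._window = window
        self._clock = clock          # injectable so tests can control time
        self._seen = set()           # O(1) membership test
        self._expiry = []            # min-heap of (expires_at, key)
        self._lock = threading.Lock()

    def _evict(self, now):
        # Drop entries whose timestamp can no longer pass the window check.
        # Strict '<' keeps an entry for as long as its request is acceptable.
        while self._expiry and self._expiry[0][0] < now:
            _, key = heapq.heappop(self._expiry)
            self._seen.discard(key)

    def check_and_store(self, token, timestamp, nonce):
        """Return True if the request is fresh and unseen, else False."""
        now = self._clock()
        # Reject out-of-window timestamps first, so stale or far-future
        # requests never occupy memory.
        if abs(now - timestamp) > self._window:
            return False
        key = (token, timestamp, nonce)
        with self._lock:
            self._evict(now)
            if key in self._seen:
                return False  # replay of an already accepted request
            self._seen.add(key)
            heapq.heappush(self._expiry, (timestamp + self._window, key))
            return True

    def __len__(self):
        with self._lock:
            return len(self._seen)
```

Memory is bounded by the number of requests accepted inside one window, and eviction costs O(log n) per expired entry. The store is per-process, so several web servers behind a load balancer would need a shared store instead.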