Rodauth is an authentication and account management framework for rack applications. It's built using Roda and Sequel, but it can be used with other web frameworks, database libraries, and databases. When used with PostgreSQL, MySQL, and Microsoft SQL Server in the default configuration, it offers additional security for password hashes by protecting access via database functions.

Design Goals

Security: Ship in a maximum security by default configuration
Simplicity: Allow for easy configuration via a DSL
Flexibility: Allow for easy overriding of any part of the framework

Features

Recovery Codes (2 factor authentication via backup codes)
SMS Codes (2 factor authentication via SMS)
Verify Change Login (Reverify accounts after login changes)
Verify Account Grace Period (Don't require verification before login)
Password Grace Period (Don't require password entry if recently entered)
Password Complexity (More sophisticated checks)
Single Session (Only one active session per account)
JWT (JSON API support for all other features)

Dependencies

There are some dependencies that Rodauth uses by default, but they are development dependencies instead of runtime dependencies in the gem, as it is possible to run without them:

tilt: Used by all features unless in JSON API only mode.
rack_csrf: Used by all features unless in JSON API only mode.
bcrypt: Used by default for password matching; can be skipped if password_match? is overridden for custom authentication.
mail: Used by default for mailing in the reset password, verify account, and lockout features.
jwt: Used by the jwt feature.

Security

Password Hash Access Via Database Functions

By default on PostgreSQL, MySQL, and Microsoft SQL Server, Rodauth uses database functions to access password hashes, with the user running the application unable to get direct access to password hashes. This reduces the risk of an attacker being able to access password hashes and use them to attack other sites.

The rest of this section describes this feature in more detail, but note that Rodauth does not require this feature be used and works correctly without it. There may be cases where you cannot use this feature, such as when using a different database or when you do not have full control over the database you are using.

Passwords are hashed using bcrypt, and the password hashes are kept in a separate table from the accounts table, with a foreign key referencing the accounts table. Two database functions are added: one to retrieve the salt for a password, and the other to check if a given password hash matches the password hash for the user.

Two database accounts are used. The first is the account that the application uses, which is referred to as the app account. The app account does not have access to read the password hashes. The other account handles password hashes and is referred to as the ph account. The ph account sets up the database functions that can retrieve the salt for a given account's password and check if a password hash matches for a given account. The ph account sets these functions up so that the app account can execute the functions using the ph account's permissions. This allows the app account to check passwords without having access to read password hashes.

By disallowing the app account access to the password hashes, it is much more difficult for an attacker to access the password hashes, even if they are able to exploit an SQL injection or remote code execution vulnerability in the application. While the app account is not able to read password hashes, it is still able to insert, update, and delete password hashes, so the additional security is not that painful.

The reason for extra security regarding password hashes stems from the fact that people tend to choose poor passwords and reuse passwords, so a compromise of one database containing password hashes can result in account access on other sites. This makes password hash storage of critical importance even if the other data stored is not that important.
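The two-account scheme described above, as an added PostgreSQL example that is not Rodauth's own migration code. It assumes roles named app and ph exist, that ph owns the tables, that an accounts table already exists, and it uses rodauth_get_salt and rodauth_valid_password_hash as illustrative function names; use Rodauth's own migration helpers for a real deployment.

```sql
-- Added example, not Rodauth's migration. Run as the ph account.
-- Assumes roles "app" and "ph", an existing "accounts" table, and bcrypt hashes
-- stored as "$2a$<cost>$<22-char salt><31-char hash>" (29-char salt prefix).
CREATE TABLE account_password_hashes (
  id            bigint PRIMARY KEY REFERENCES accounts(id),
  password_hash text NOT NULL
);

-- The app account may create, change and remove hashes, but never read them.
REVOKE ALL ON account_password_hashes FROM PUBLIC;
GRANT INSERT, UPDATE, DELETE ON account_password_hashes TO app;

-- Return only the salt prefix so the app can hash a candidate password with the
-- same salt. The full stored hash never leaves the database.
CREATE FUNCTION rodauth_get_salt(acct_id bigint) RETURNS text AS $$
  SELECT left(password_hash, 29) FROM account_password_hashes WHERE id = acct_id;
$$ LANGUAGE sql SECURITY DEFINER SET search_path = public, pg_temp;

-- Compare the app-computed hash with the stored one; false for unknown ids.
CREATE FUNCTION rodauth_valid_password_hash(acct_id bigint, hash text) RETURNS boolean AS $$
  SELECT coalesce(
    (SELECT password_hash = hash FROM account_password_hashes WHERE id = acct_id),
    false);
$$ LANGUAGE sql SECURITY DEFINER SET search_path = public, pg_temp;

-- SECURITY DEFINER runs the functions with the ph account's privileges; the fixed
-- search_path stops a caller from shadowing the table with a same-named object.
-- Only the app account may execute them.
REVOKE ALL ON FUNCTION rodauth_get_salt(bigint) FROM PUBLIC;
REVOKE ALL ON FUNCTION rodauth_valid_password_hash(bigint, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION rodauth_get_salt(bigint) TO app;
GRANT EXECUTE ON FUNCTION rodauth_valid_password_hash(bigint, text) TO app;

-- Check from the app account's point of view (SET ROLE needs ph to be a member
-- of app; otherwise connect as app directly). The placeholders stand for hashes
-- the application computes with bcrypt using the salt returned by the function.
SET ROLE app;
SELECT password_hash FROM account_password_hashes WHERE id = 1;
SELECT rodauth_get_salt(1);
SELECT rodauth_valid_password_hash(1, '$2a$12$<hash computed in the app with the returned salt>');
UPDATE account_password_hashes SET password_hash = '$2a$12$<new hash>' WHERE id = 1;
RESET ROLE;
```

In the final block the direct SELECT on password_hash is denied for the app account, while the two function calls and the UPDATE (a password change) succeed, which is exactly the privilege split the section describes.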