zdm/envoy
zdm/envoy
Archived
3
Fork 0
Code Issues 22 Pull Requests Releases 1 Wiki Activity

Token-Based Authentication #28

New Issue
Closed
opened 2020-09-17 23:42:35 +02:00 by delvh · 1 comment
delvh commented 2020-09-17 23:42:35 +02:00
Owner
Copy Link

At the current point, people who have access to run configurations are the only ones who can automatically log-in.
While you could write your own Bash function that supplies the command line arguments, most users will not know about that option yet.
So, we need a mechanism so that even normal humans can log-in without always having to see the login scene.

At the current point, people who have access to run configurations are the only ones who can automatically log-in. While you could write your own Bash function that supplies the command line arguments, most users will not know about that option yet. So, we need a mechanism so that even normal humans can log-in without always having to see the login scene.
delvh added this to the v0.2-beta milestone 2020-09-17 23:42:35 +02:00
delvh added the
client
 label 2020-09-17 23:42:35 +02:00
kske commented 2020-09-18 08:50:29 +02:00
Owner
Copy Link

Obviously, we cant just save the users login credentials somewhere on his machine. The current autologin mechanism through the config is just a utility for developers, because passing a password to an application as a commandline parameter is highly insecure.

Instead, the server could generate an authentication token after a successful login, which can then be used to log in that user for a certain amount of time. On subsequent logins, the client can send just the token, which can be stored on the users machine.

While this is the standard way of persisting a users authentication on a machine, we might get a problem with local database encryption, as the password might not entered on application startup and the token is saved unencrypted.

Once this is implemented, we can ditch the current autologin mechanism, as token based authentication can also be used during development.

Obviously, we cant just save the users login credentials somewhere on his machine. The current autologin mechanism through the config is just a utility for developers, because passing a password to an application as a commandline parameter is highly insecure. Instead, the server could generate an authentication token after a successful login, which can then be used to log in that user for a certain amount of time. On subsequent logins, the client can send just the token, which can be stored on the users machine. While this is the standard way of persisting a users authentication on a machine, we might get a problem with local database encryption, as the password might not entered on application startup and the token is saved unencrypted. Once this is implemented, we can ditch the current autologin mechanism, as token based authentication can also be used during development.
kske added the
L
server
 labels 2020-09-18 08:50:53 +02:00
kske added a new dependency 2020-09-18 08:55:13 +02:00
#1 Encrypt LocalDB
kske changed title from Autologin mechanism to Token-Based Authentication 2020-09-18 09:58:51 +02:00
kske self-assigned this 2020-09-18 09:58:56 +02:00
kske started working 2020-09-18 09:59:02 +02:00
kske stopped working 2020-09-18 10:28:23 +02:00
29min 21s
kske removed a dependency 2020-09-19 13:55:57 +02:00
#1 Encrypt LocalDB
kske closed this issue 2020-09-19 14:31:02 +02:00
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
client

Envoy Client

  
server

Envoy Server

  
user made

This issue has been created through Envoy

  
L

Branches where 300 < X <= 600 lines are added and more than one work day is needed

  
M

Branches where 100 < X <=300 lines are added

  
S

Branches where X <= 100 lines are added or less than 30 minutes are needed

  
XL

Branch where X > 600 lines are added and more than two work days are needed

  
bug

Something is not working

  
bugfix

Fixes a bug

  
discussion

This has to be discussed

  
documentation

Related to documentation

  
feature

Introduces a new feature

  
maintenance

Related to project maintenance

  
postponed

Won't be done in the immediate future

  
refactoring

Refactoring code or architectures

  
wontfix

Will not be fixed in this state of development

No Label
client
server
user made
L
M
S
XL
bug
bugfix
discussion
documentation
feature
maintenance
postponed
refactoring
wontfix
Milestone
Clear milestone
No items
No Milestone
v0.2-beta
Assignees
Clear assignees
No Assignees
kske
2 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: zdm/envoy#28
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?