Keep User secrets out of active memory #179
Labels
enhancement
This task is adding new behavior or performing other refactoring improvements.
Comments
DavidRieman
added
the
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now while we have a User logged into an active session, the
Userobject is fully in memory. This currently includes theirSaltandHashedPassword. However, we have to assume that at some point a malicious actor on the server may find some way to dig into the objects held in memory, and thus retrieve these properties from online session User objects. (From there it's probably trivial to brute force the passwords offline without raising any suspicion from failed login attempts.) We should see if we can reduce this additional attack surface. One way that should help would be to move authentication-related data out to its own entries in the DB, then, only when auth is successful is the resultingUserobject loaded, and that won't pin the Salt or HashedPassword around in memory anymore.(Note this impacts how PW Change #43 should get fixed.)
The text was updated successfully, but these errors were encountered: