This repository has been archived by the owner on Sep 2, 2021. It is now read-only.

[Auth] Security improvements #88

Open
2 of 3 tasks
gdude2002 opened this issue Nov 19, 2015 · 2 comments

Comments

@gdude2002
Member

gdude2002 commented Nov 19, 2015

  • Auth should support multiple hashing algorithms, with the possibility of conversion and mixing.
    • PBKDF2 and bcrypt should be recommended, with bcrypt being the best, à la Django
  • Auth should use a database (e.g. SQLite) for efficiency
  • mkpasswd is awful, fix that

@gdude2002
Member Author

Turns out that bcrypt has wheels now, so no compilation is required on Windows - I've added it to the default requirements because of that.

@gdude2002
Member Author

I honestly have no idea how to implement a database without having to support deferreds all the way up the tree, which is frankly not something I want to do right now.
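
The first post asks for several hashing algorithms with conversion and mixing, in the style of Django. A sketch of that design follows, added here as an example and not code from this repository or its author. The record format, function names, iteration count and the `salted_sha256` legacy scheme are assumptions made for the illustration; bcrypt would be one more entry in the `HASHERS` table.

```python
import base64
import hashlib
import hmac
import os

# Assumed storage format: "<algorithm>$<iterations>$<salt_b64>$<digest_b64>"
PREFERRED = "pbkdf2_sha256"
ITERATIONS = 200_000  # assumed work factor, tune for your hardware

def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def _salted_sha256(password, salt, _iterations):
    # Constructed stand-in for a weak legacy scheme that must still verify.
    return hashlib.sha256(salt + password.encode()).digest()

HASHERS = {"pbkdf2_sha256": _pbkdf2, "salted_sha256": _salted_sha256}

def make_hash(password, algorithm=PREFERRED, iterations=ITERATIONS):
    salt = os.urandom(16)
    digest = HASHERS[algorithm](password, salt, iterations)
    fields = [algorithm, str(iterations), base64.b64encode(salt).decode(),
              base64.b64encode(digest).decode()]
    return "$".join(fields)

def verify(password, stored):
    """Return (password_ok, needs_rehash) for one stored record."""
    try:
        algorithm, iterations, salt, expected = stored.split("$")
        actual = HASHERS[algorithm](password, base64.b64decode(salt), int(iterations))
        expected = base64.b64decode(expected)
    except (ValueError, KeyError):
        return False, False  # malformed record or unknown algorithm: reject
    ok = hmac.compare_digest(actual, expected)
    outdated = algorithm != PREFERRED or int(iterations) < ITERATIONS
    return ok, ok and outdated

def login(users, name, password):
    """Check a login and convert an outdated hash while the password is known."""
    stored = users.get(name)
    if stored is None:
        return False
    ok, needs_rehash = verify(password, stored)
    if needs_rehash:
        users[name] = make_hash(password)
    return ok
```

Because each record names its own algorithm, old and new hashes can sit side by side, and a record is converted only after a successful login, the one moment the plaintext password is available.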
