[basicauth] Encrypt password field #33
Assignees
Labels
idea/new plugin
[legacy] those issues belong to Kong Nation, since GitHub issues are reserved for bug reports.
Comments
|
|
|
Ah yes, it was with the id! Right, thanks |
|
I suggest using |
|
The only problem with encrypting keys is that the user will be able to retrieve it only the first time and never again. Of course this is not ideal. I spoke with @thibaultcha and I agree that the only field that should be encrypted in the password in Basic Authentication, but not the |
thibaultcha
changed the title
thibaultcha
added
idea/new plugin
|
Any news on this? Non-encrypted secrets at rest are a giant audit flag (for me, in particular, for PCI). I would suggest that both the basic_auth and secret_key be hashed; really, if you are not going to pass it back to the backend API, there is no good reason to store it plaintext, including not being able to retrieve it more than once; if the secret key is lost (or stolen or compromised) - you just generate a new one. |
|
moving forward with this, first draft with basic authentication plugin configuration will add a new key 'encryption_method' which will hold:
some code related questions:
|
|
Shouldn't we use bcrypt? |
|
bcrypt is fine by me. |
|
Having both would be better of course yeah |
tyiss
pushed a commit
to tyiss/kong
that referenced
this issue
Sep 2, 2015
thibaultcha
added a commit
that referenced
this issue
Sep 10, 2015
On the contrary of #527, this only allows for sha1 encryption. The reason is that due to the current architecture, we cannot support two types at the same time (supporting plain is a bad practice anyways). Because a basicauth_credential has no relation to a plugin entity (they are **not** semantically related anyways), we cannot now how the password is stored/encrypted. I also took the opportunity of 0.5.0 and the migration script to make that decision. The migration script will be updated to also migrate the current passwords. This does a bit more than #527: - unit tests - support encryption in unit test mode (with a mock using a vendor sha1 library) - comparison of the hash at the proxy level (for actual authentication) Resolves #33
thibaultcha
added a commit
that referenced
this issue
Sep 15, 2015
On the contrary of #527, this only allows for sha1 encryption. The reason is that due to the current architecture, we cannot support two types at the same time (supporting plain is a bad practice anyways). Because a basicauth_credential has no relation to a plugin entity (they are **not** semantically related anyways), we cannot now how the password is stored/encrypted. I also took the opportunity of 0.5.0 and the migration script to make that decision. The migration script will be updated to also migrate the current passwords. This does a bit more than #527: - unit tests - support encryption in unit test mode (with a mock using a vendor sha1 library) - comparison of the hash at the proxy level (for actual authentication) Resolves #33
thibaultcha
added a commit
that referenced
this issue
Sep 21, 2015
On the contrary of #527, this only allows for sha1 encryption. The reason is that due to the current architecture, we cannot support two types at the same time (supporting plain is a bad practice anyways). Because a basicauth_credential has no relation to a plugin entity (they are **not** semantically related anyways), we cannot now how the password is stored/encrypted. I also took the opportunity of 0.5.0 and the migration script to make that decision. The migration script will be updated to also migrate the current passwords. This does a bit more than #527: - unit tests - support encryption in unit test mode (with a mock using a vendor sha1 library) - comparison of the hash at the proxy level (for actual authentication) Resolves #33
gszr
pushed a commit
that referenced
this issue
Jun 10, 2021
This commit fixes a bug where the plugin tries to send HTTP status code after the response body is sent for `/metrics` endpoint. This resulted in error logs in Kong. A test has been added to ensure that no error logs are generated when `/metrics` is scraped by Prometheus. Another test has been added to ensure that the response body only contains either metrics or comments describing the metrics. This test is added to catch regression for #4077, where Kong injected HTML generated by the default Lapis handler. Fixes #32 From #33
gszr
pushed a commit
that referenced
this issue
Jul 7, 2021
gszr
pushed a commit
that referenced
this issue
Aug 6, 2021
This commit fixes a bug where the plugin tries to send HTTP status code after the response body is sent for `/metrics` endpoint. This resulted in error logs in Kong. A test has been added to ensure that no error logs are generated when `/metrics` is scraped by Prometheus. Another test has been added to ensure that the response body only contains either metrics or comments describing the metrics. This test is added to catch regression for #4077, where Kong injected HTML generated by the default Lapis handler. Fixes #32 From #33
gszr
pushed a commit
that referenced
this issue
Oct 26, 2021
gszr
pushed a commit
that referenced
this issue
Oct 27, 2021
hutchic
added a commit
that referenced
this issue
Jun 10, 2022
* chore(rename) rename the default package to Kong * feat(compatibility) add a provides to maintain backwards compatibility
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
api_keys and password (stored in secret_key field) must be hashed.
@ahmadnassri What did we decided already? The public_key being the salt?
The text was updated successfully, but these errors were encountered: