You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by Michael Dürig <mi...@gmail.com> on 2011/02/22 12:05:17 UTC
Security of token base authentication
Hi,
Token based authentication as implemented with JCR-2851 seems to exhibit
a security issue: the token returned by the server consists of the
identifier of a (newly created) node in the repository. An attacker who
is able to guess (or acquire by other means i.e. via log files) that
identifier will be granted access to the repository. Worse yet, JCR-2857
introduces sequential node ids. Guessing is a piece of cake in such a
setup.
I think we should decouple authentication secrets from node ids. A
simple solution would be to store the secret in a token attribute and
delegate generation of the secret to a dedicated handler. Such a handler
can then use a secure random generator, private/public key encryption or
whatever other method that is deemed appropriate to generate the
authentication secret.
Michael
Re: Security of token base authentication
Posted by Angela Schreiber <an...@adobe.com>.
hi michi
> Worse yet, JCR-2857 introduces sequential node ids.
right, forgot about those... in a first step i assert that no sequential
nodeIDs are used.
> I think we should decouple authentication secrets from node ids. [...]
whatever you feel was appropriate :)
regards
angela