
How to set up a temporarily password-accessed resource?

Context

Developing a platform with content and some files. Users can create a resource and set it to:

  • private: only accessible to him
  • protected: accessible via a password that can expire
  • public: no security rules to access

Problem

Considering we have these 2 tables:

[Image: tables in the database]

We want to protect our element table if visibility = 'protected'. So the creator should give a password for resource access and set an expiration date.

Users can set many passwords, each with a different expiration date. How can we store that password securely, bearing in mind that the user can share a password, close password access, and get his password back to share resources when he needs them?

We are talking here about the design of the solution; don't care about languages or ORM.

Potential solution

Cron job

Create a table joining passwords with entities, and when the user sets a password, launch a cron job that will set an attribute like active to false when the expiration date is reached.

Problem: this makes our app stateful; if it is cloud-based and the pod crashes, the cron job falls into the void...

Store it in base64

To allow users to get back already-set passwords, we have to use a symmetric encryption algorithm to encrypt and decrypt the password, but that exposes resources if the database is compromised.

Also creating a table joining passwords with entities here.

No more ideas for the moment... How would you do it?

The best solution should be stateless and not store passwords in the clear.

I can think of two other solutions:

  • A PubSub mechanism, which you can choose to trigger when to execute. For example, when you create a password today and want it to expire tomorrow, you can create a PubSub task that will trigger in a day. The task will remove that password.

  • A JWT token, which is a token that encodes the information, including the expiration date. When you verify that token, you will verify the signature to make sure it is not tampered with and also that it is still valid. If you need to store a secret inside it, you can use RS256.
