• Improvement
    • Resolution: Fixed
    • Major
    • 2.7, 3.9
    • 2.2.1
    • None
    • None

      Currently the Ametys cookie is simply a storage: login + password... that's really not secure.
      At least we could encode (not encrypt) to make it less readable.

      But it would be better to store a key or something... let's think about it

          [RUNTIME-660] Think about form cookie encryption

          Laurence Aumeunier added a comment - Done in 3.6

          Quentin Glinel-Mortreuil (Inactive) added a comment - edited

          • the retained solution is to store a login + a token in the Ametys cookie.
          • new table in database: UsersToken
          • in order for this patch to work properly, the WEB-INF/param/authentication.xml has to be changed:
            <authentications>
              <authentication>org.ametys.runtime.plugins.core.authentication.token.TokenUsersManagerAuthentication</authentication>
            </authentications>
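
The difference between the "encode" idea in the description and the login + token approach retained in the comments, as an added sketch that is not Ametys code: the `UsersToken` columns, the `login#token` cookie layout, the expiry, and storing only a SHA-256 hash of the token are all assumptions made for this example.

```python
import base64, hashlib, hmac, secrets, sqlite3, time

def encoded_cookie(login, password):
    # The "encode (not encrypt)" idea from the description: base64 only.
    return base64.b64encode(f"{login}:{password}".encode()).decode()

def decode_cookie(cookie):
    # No key is involved, so whoever holds the cookie gets the password back.
    return base64.b64decode(cookie).decode().split(":", 1)

def open_store():
    db = sqlite3.connect(":memory:")
    # Table name from the comment; the columns are assumed for this sketch.
    db.execute("CREATE TABLE UsersToken (login TEXT, token_hash TEXT, expires REAL)")
    return db

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_cookie(db, login, ttl=14 * 86400, now=None):
    """Create a random token, store only its hash, return the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # URL-safe alphabet, never contains '#'
    db.execute("INSERT INTO UsersToken VALUES (?, ?, ?)",
               (login, _digest(token), now + ttl))
    return f"{login}#{token}"

def check_cookie(db, cookie, now=None):
    """Return the login if the cookie carries a live token for it, else None."""
    now = time.time() if now is None else now
    login, sep, token = cookie.rpartition("#")
    if not sep or not login or not token:
        return None
    rows = db.execute(
        "SELECT token_hash FROM UsersToken WHERE login = ? AND expires > ?",
        (login, now)).fetchall()
    presented = _digest(token)
    ok = False
    for (stored,) in rows:
        # Constant-time comparison against every live token of this login.
        ok |= hmac.compare_digest(stored, presented)
    return login if ok else None

def revoke(db, login):
    # Logging out or changing the password invalidates every issued cookie.
    db.execute("DELETE FROM UsersToken WHERE login = ?", (login,))
```

With the token scheme a stolen cookie exposes no password and can be invalidated server-side by deleting the row.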

            laurence Laurence Aumeunier
            raphael Raphaël Franchet