nu/CharmBoard
1
0
Fork 0
Code Issues 8 Pull requests Projects 1 Releases Activity

Multiple password hashing schemes #8

New issue
Open
opened 2024-08-08 06:04:30 +00:00 by nu · 4 comments
nu commented 2024-08-08 06:04:30 +00:00
Owner
Copy link

More password hashing schemes should be available as an option, with CB not throwing errors if the module for one that's not being used isn't installed. This is to hopefully allow CharmBoard to be run on a wider variety of hardware, like if someone has an old PC lying around that they'd like to host the site on. I think I also need to change the way passwords are stored in the DB to make it note which hashing scheme is used (this is really standard so I'm not sure why I didn't already do it from the get-go)

More password hashing schemes should be available as an option, with CB not throwing errors if the module for one that's not being used isn't installed. This is to hopefully allow CharmBoard to be run on a wider variety of hardware, like if someone has an old PC lying around that they'd like to host the site on. I think I also need to change the way passwords are stored in the DB to make it note which hashing scheme is used (this is really standard so I'm not sure why I didn't already do it from the get-go)
nu added this to the CharmBoard v1.0 milestone 2024-08-08 06:05:50 +00:00
nu commented 2024-08-08 06:14:34 +00:00
Author
Owner
Copy link

I'll have to see if optional use statements are a thing in Perl, like if you can have a use statement activated with an if/else statement or something. This would also be useful for making database drivers optional!

I'll have to see if optional `use` statements are a thing in Perl, like if you can have a `use` statement activated with an if/else statement or something. This would also be useful for making database drivers optional!
nu commented 2024-08-08 06:15:44 +00:00
Author
Owner
Copy link

Not use statements, but require statements, a keyword I didn't know existed before now.

See: https://stackoverflow.com/questions/251694/how-can-i-require-an-optional-perl-module-if-installed

Not `use` statements, but `require` statements, a keyword I didn't know existed before now. See: https://stackoverflow.com/questions/251694/how-can-i-require-an-optional-perl-module-if-installed
nu commented 2024-08-08 08:26:59 +00:00
Author
Owner
Copy link

Looks like I'll have to completely change up what CharmBoard::Model::Crypt works like, jeez!

Looks like I'll have to completely change up what `CharmBoard::Model::Crypt` works like, jeez!
nu commented 2024-08-08 08:32:22 +00:00
Author
Owner
Copy link

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

On top of Argon2, scrypt and bcrypt should be implemented

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html On top of Argon2, scrypt and bcrypt should be implemented
nu removed this from the Workable alpha/beta project 2024-08-24 07:11:35 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
bug

   
code clarity

   
code organization

   
database

   
documentation

   
improvement

   
new feature

   
security
No labels
bug
code clarity
code organization
database
documentation
improvement
new feature
security
Milestone
Clear milestone
No items
No milestone
CharmBoard v1.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nu/CharmBoard#8
No description provided.