Details
-
Epic
-
Resolution: Unresolved
-
High
-
None
-
None
-
None
-
None
-
Hardening security
Description
Hashes
- ✅ Stronger password hash (bcrypt)
- ✅ Make doc more verbose on app secrets
- Consider having several app secrets for separate uses, if possible
- Consider using the Symfony secrets system to keep secrets unreadable in config files: App secret, DB password, Varnish invalidate token, JWT passphrase...
- Support Argon2 hashes https://jira.ez.no/browse/EZP-31682
- Support variable hash cost https://www.php.net/manual/en/function.password-hash.php
Cookies
- Safer defaults for session cookie (httponly, ..)
- Session cookie secure bit, however needs to be opt in for anyone not on https (for instance in dev, a strict but almost sane default would be to force it in prod, but would need doc and banner on login page when in http about login not working to make it clear. Or some other way)
Other
- Never email password (or expose it over other unencrypted channels)
- Limit login attempts (per IP, per time...)
- Sign updates to composer packages somehow (built on signed git tags?)
- Be more vocal/stricter on enforcing use of HTTPS for authenticated traffic (logged in to front/UI/REST/...)
- Set autocomplete=off on forms for user credentials (stock templates)
Ref: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
Designs
Attachments
Issue Links
- relates to
-
IBX-3028 Configurable response headers
-
- Open
-
