You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, all oauth access tokens are stored in the database in plaintext. This design decision was made so that further queries could be made to the Discord API if needed, and access to the database would (probably) entail filesystem access, so they would have access to the Github (and discord) API key anyway.
SQL injection wasn't a massive concern of mine at implementation time because all queries were made with parameterized queries, and any queries that returned data of an unexpected shape would either cause a crash, or extra data would be omitted from the response by the serialization step, or sqlx.
In the current implementation, if the appropriate access tokens were obtained, an attacker could use them to access to some discord user info, and could be submitted to Hyde's API to make changes to the wiki (Currently no way to overwrite history through API, any changes made could be reverted).
I believe that one step we could take to increase the security of our application would be implementing token hashing for stored oauth tokens. While this change would prevent us from making subsequent API calls to discord, it would reduce the security risk of an individual having read access to the database. Should there be a point where we need to make subsequent API calls to discord with that token, the application structure could be changed appropriately at that time to reflect that. Tokens expire after 7 days anyway, so I'm not worried about forcing users to re-authenticate because of a breaking change.
Implementing this change would entail using the (argon2)[https://docs.rs/argon2/latest/argon2/] crate to hash API tokens before they are stored in the database, then when validating tokens, hash the provided token before checking it against the database.
The text was updated successfully, but these errors were encountered:
Currently, all oauth access tokens are stored in the database in plaintext. This design decision was made so that further queries could be made to the Discord API if needed, and access to the database would (probably) entail filesystem access, so they would have access to the Github (and discord) API key anyway.
SQL injection wasn't a massive concern of mine at implementation time because all queries were made with parameterized queries, and any queries that returned data of an unexpected shape would either cause a crash, or extra data would be omitted from the response by the serialization step, or sqlx.
In the current implementation, if the appropriate access tokens were obtained, an attacker could use them to access to some discord user info, and could be submitted to Hyde's API to make changes to the wiki (Currently no way to overwrite history through API, any changes made could be reverted).
I believe that one step we could take to increase the security of our application would be implementing token hashing for stored oauth tokens. While this change would prevent us from making subsequent API calls to discord, it would reduce the security risk of an individual having read access to the database. Should there be a point where we need to make subsequent API calls to discord with that token, the application structure could be changed appropriately at that time to reflect that. Tokens expire after 7 days anyway, so I'm not worried about forcing users to re-authenticate because of a breaking change.
Implementing this change would entail using the (argon2)[https://docs.rs/argon2/latest/argon2/] crate to hash API tokens before they are stored in the database, then when validating tokens, hash the provided token before checking it against the database.
The text was updated successfully, but these errors were encountered: