Add a session wrapper to encrypt the data before storing it on disk #17744
Conversation
|
|
||
| /** | ||
| * @return \OC\Session\CryptoWrapper | ||
| **/ |
There was a problem hiding this comment.
doc block failed
|
I have voiced my concerns at https://github.com/owncloud/enterprise/issues/518, please document properly in a PHPDoc that this is only obfuscation. |
| // TODO circular dependency | ||
| // $request = \OC::$server->getRequest(); | ||
| // $this->passphrase = $request->getCookie('oc_sessionPassphrase'); | ||
| $this->passphrase = $_COOKIE['oc_sessionPassphrase']; |
There was a problem hiding this comment.
This will make everything explode if a client does not resend the cookies - are we all REALLY aware of this?
This WILL break stuff.
There was a problem hiding this comment.
Also does this check here for an empty cookie value? - In that case it will use the instance's secret which may lead to unexpected behaviour. We should hard-fail there rather.
There was a problem hiding this comment.
If the cookie does not exist, we will start a new one.
This WILL break stuff.
Executable code please, so I can test it.
|
@MTRichards @cmonteroluque I have voiced my concerns mainly ignored at https://github.com/owncloud/enterprise/issues/518 – if we add this we need to add a huge documentation in the code and as well in the documentation that this does not provide any further security against malicious administrators. – We shall not add crypto snakeoil without marking it as such, otherwise the world will laugh about us again 🙊 |
|
I am fine with documenting this appropriately, no issues there at all. |
| */ | ||
| public function wrapSession(ISession $session) { | ||
| if (!($session instanceof Crypto) && $this->config->getSystemValue('encryptSessionData', false)) { | ||
| return new Crypto($session, $this->crypto, $this->passphrase); |
There was a problem hiding this comment.
Can we use a full namespace here or rename the class? "Crypto" is somewhat ambiguous as it is used in other contexts as well.
nickvergessen
force-pushed
the
encrypt-session-data
branch
from
5350f14
to
e7f7ce1
Compare
nickvergessen
force-pushed
the
encrypt-session-data
branch
from
e7f7ce1
to
c9b102f
Compare
|
A new inspection was created. |
| // TODO circular dependency | ||
| // $request = \OC::$server->getRequest(); | ||
| // $this->passphrase = $request->getCookie(self::COOKIE_NAME); | ||
| $this->passphrase = $_COOKIE[self::COOKIE_NAME]; |
There was a problem hiding this comment.
copied to keep the discussion from @LukasReschke
This will make everything explode if a client does not resend the cookies - are we all REALLY aware of this?
This WILL break stuff.
There was a problem hiding this comment.
Executable samples would be nice, so I can test this.
|
🚀 Test PASSed.🚀 |
|
I'm actually wondering if it would be possible to have this happen on base of a cookie that is already handled properly: The PHP session cookie. Something like:
@nickvergessen What do you think? – From my PoV this should be possible using a custom session handler. |
|
Something like the following - note: simplified!
This way we have the same level of security (though debatable) with a more stable approach and less bug potential. - Note that above algorithms are just an example :) |
|
I agree with @LukasReschke This might be the better and simpler solution |
|
As discussed with @nickvergessen I will hijack this branch and try to implement my suggested approach. |
|
Feel free to take over, since I will be away the next weeks |
|
But hijacking sounds so much cooler than taking over 😢 |
|
As discussed with @butonic I will also create a custom callback for |
|
Superseded by #17866 |
@DeepDiver1975 @LukasReschke @schiesbn