-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a session wrapper to encrypt the data before storing it on disk #17744
Conversation
|
||
/** | ||
* @return \OC\Session\CryptoWrapper | ||
**/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doc block failed
I have voiced my concerns at https://github.com/owncloud/enterprise/issues/518, please document properly in a PHPDoc that this is only obfuscation. |
// TODO circular dependency | ||
// $request = \OC::$server->getRequest(); | ||
// $this->passphrase = $request->getCookie('oc_sessionPassphrase'); | ||
$this->passphrase = $_COOKIE['oc_sessionPassphrase']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will make everything explode if a client does not resend the cookies - are we all REALLY aware of this?
This WILL break stuff.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also does this check here for an empty cookie value? - In that case it will use the instance's secret
which may lead to unexpected behaviour. We should hard-fail there rather.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the cookie does not exist, we will start a new one.
This WILL break stuff.
Executable code please, so I can test it.
@MTRichards @cmonteroluque I have voiced my concerns mainly ignored at https://github.com/owncloud/enterprise/issues/518 – if we add this we need to add a huge documentation in the code and as well in the documentation that this does not provide any further security against malicious administrators. – We shall not add crypto snakeoil without marking it as such, otherwise the world will laugh about us again 🙊 |
I am fine with documenting this appropriately, no issues there at all. |
*/ | ||
public function wrapSession(ISession $session) { | ||
if (!($session instanceof Crypto) && $this->config->getSystemValue('encryptSessionData', false)) { | ||
return new Crypto($session, $this->crypto, $this->passphrase); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use a full namespace here or rename the class? "Crypto" is somewhat ambiguous as it is used in other contexts as well.
5350f14
to
e7f7ce1
Compare
e7f7ce1
to
c9b102f
Compare
A new inspection was created. |
// TODO circular dependency | ||
// $request = \OC::$server->getRequest(); | ||
// $this->passphrase = $request->getCookie(self::COOKIE_NAME); | ||
$this->passphrase = $_COOKIE[self::COOKIE_NAME]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
copied to keep the discussion from @LukasReschke
This will make everything explode if a client does not resend the cookies - are we all REALLY aware of this?
This WILL break stuff.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Executable samples would be nice, so I can test this.
I'm actually wondering if it would be possible to have this happen on base of a cookie that is already handled properly: The PHP session cookie. Something like:
@nickvergessen What do you think? – From my PoV this should be possible using a custom session handler. |
Something like the following - note: simplified!
This way we have the same level of security (though debatable) with a more stable approach and less bug potential. - Note that above algorithms are just an example :) |
I agree with @LukasReschke This might be the better and simpler solution |
As discussed with @nickvergessen I will hijack this branch and try to implement my suggested approach. |
Feel free to take over, since I will be away the next weeks |
But hijacking sounds so much cooler than taking over 😢 |
As discussed with @butonic I will also create a custom callback for |
Superseded by #17866 |
@DeepDiver1975 @LukasReschke @schiesbn