
I am developing a Django application where a user logs in with Kerberos, and then has access to a number of internal applications.

One of these is a file application that connects to a server over SFTP and allows the user to browse their stored files. Because this would result in needing to authenticate with that server several times over the life of the session, I would like to cache the password that a user enters when they first log in to the site in some way but, due to security concerns, I don't want to just save the password as plaintext in the server's database.

My current thought is to use AES, or some other similar cryptographic algorithm, and store half of the data needed to decode the password in a server-side session and the other half in a client-side browser cookie.

Would this be a good idea? Can you suggest any other solutions?

James
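The split-key scheme proposed in the question, as an added example that is not part of the original post. The key is split by XOR into two random shares, so the session store alone or the cookie alone reveals nothing about it; the ciphertext and one share live in the server-side session, the other share in a cookie. Python's standard library has no AES, so an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for AES-GCM; with the `cryptography` package you would use `AESGCM` in its place. The `session`/`cookies` dicts stand in for Django's `request.session` and `request.COOKIES`, and the cookie names are assumptions. Note what the scheme does and does not buy: an attacker who only reads the session database gets nothing, but while a request is being served the web server holds the rejoined key and the password in memory, which is why both answers prefer not to hold the password at all.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32      # 256-bit key; each share is the same length
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 tag


def split_key():
    """Fresh key plus two shares with key == server_share XOR client_share.

    Both shares are uniformly random, so the session store alone (or the
    cookie alone) carries no information about the key.
    """
    server_share = secrets.token_bytes(KEY_LEN)
    client_share = secrets.token_bytes(KEY_LEN)
    key = bytes(a ^ b for a, b in zip(server_share, client_share))
    return key, server_share, client_share


def join_key(server_share, client_share):
    if len(server_share) != KEY_LEN or len(client_share) != KEY_LEN:
        raise ValueError("bad share length")
    return bytes(a ^ b for a, b in zip(server_share, client_share))


def _subkeys(key):
    # Separate encryption and authentication keys derived from the joined key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES-CTR.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # wrong key or tampered data
        raise ValueError("ciphertext rejected")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def cache_password(session, response_cookies, password):
    """Ciphertext and one share go in the server-side session, the other share
    in a cookie. In Django set it with response.set_cookie(..., httponly=True,
    secure=True, samesite="Strict") so scripts cannot read it and it only
    travels over TLS. Cookie/session key names are assumptions."""
    key, server_share, client_share = split_key()
    session["sftp_pw_blob"] = encrypt(key, password.encode()).hex()
    session["sftp_pw_share"] = server_share.hex()
    response_cookies["sftp_pw_share"] = client_share.hex()


def recover_password(session, request_cookies):
    """Rejoin the shares on each request that needs the SFTP password."""
    if "sftp_pw_share" not in request_cookies or "sftp_pw_blob" not in session:
        raise LookupError("share missing: ask the user for the password again")
    key = join_key(bytes.fromhex(session["sftp_pw_share"]),
                   bytes.fromhex(request_cookies["sftp_pw_share"]))
    return decrypt(key, bytes.fromhex(session["sftp_pw_blob"])).decode()
```

A missing cookie is a clean failure (re-prompt the user); a wrong or tampered cookie fails the MAC check rather than producing garbage that gets sent to the SFTP server. Use a fresh key per login, never reuse the nonce, and clear both session keys on logout.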

2 Answers

1

Perhaps the app should use Kerberos to authenticate to the server, as well? E.g. using constrained delegation.

Alternatively it could have an SSH key of its own, one that works for all accounts but only from the webapp server's address.

user1686
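The second suggestion above, the web app's own SSH key usable only from the web server's address, is enforced on the SFTP server side by the `from=` option in each user's `authorized_keys`. The following is an added example, not code from the original answer: it builds such an entry (adding `restrict` and `command="internal-sftp"` so the key cannot get a shell, pty or forwarding and can only do SFTP), parses `authorized_keys` lines including quoted option values, and models how sshd evaluates `from=` against a source address so you can check the restriction before deploying it. The sample public key is a constructed placeholder, not a real key, and `SAMPLE_KEY` and the function names are assumptions.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Constructed placeholder, not a real public key.
SAMPLE_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotRealxxxxxxxxxxxxxxxxxx"


@dataclass
class AuthorizedKey:
    options: dict   # option name -> value, or True for bare flags such as "restrict"
    key_type: str
    key: str
    comment: str = ""


def parse_line(line):
    """Parse one authorized_keys line (None for blank lines and comments)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    raw_options, i = [], 0
    if line.split(None, 1)[0] not in KEY_TYPES:
        # Options field: comma-separated; commas and spaces inside "..." are
        # literal and backslash escapes a quote. Ends at unquoted whitespace.
        cur, quoted = [], False
        while i < len(line):
            c = line[i]
            if quoted and c == "\\" and i + 1 < len(line):
                cur.append(line[i + 1])
                i += 2
                continue
            if c == '"':
                quoted = not quoted
            elif c == "," and not quoted:
                raw_options.append("".join(cur))
                cur = []
            elif c.isspace() and not quoted:
                break
            else:
                cur.append(c)
            i += 1
        raw_options.append("".join(cur))
    rest = line[i:].split(None, 2)
    if len(rest) < 2 or rest[0] not in KEY_TYPES:
        raise ValueError(f"malformed authorized_keys line: {line!r}")
    options = {}
    for opt in raw_options:
        name, sep, value = opt.partition("=")
        options[name.lower()] = value if sep else True
    return AuthorizedKey(options, rest[0], rest[1], rest[2] if len(rest) > 2 else "")


def _matches(pattern, addr):
    # from= accepts CIDR networks as well as shell-style wildcards.
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return fnmatch.fnmatchcase(addr, pattern)


def source_allowed(entry, addr):
    """Would sshd accept this key from source address addr?

    Follows OpenSSH's pattern-list rule for from=: a matching negated pattern
    (!...) rejects outright, otherwise some positive pattern must match; a key
    without from= is accepted from anywhere. sshd also matches the client's
    reverse-DNS name; only the address is modelled here.
    """
    patterns = entry.options.get("from")
    if patterns is None:
        return True
    positive = False
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        if _matches(pat[1:] if negated else pat, addr):
            if negated:
                return False
            positive = True
    return positive


def webapp_key_line(public_key, webapp_addr, comment="django-files-gateway"):
    """Entry for the web app's key in each user's authorized_keys: accepted only
    from the web server, no shell/pty/forwarding (restrict), SFTP only."""
    return (f'from="{webapp_addr}",restrict,command="internal-sftp" '
            f"ssh-ed25519 {public_key} {comment}")


def audit(text):
    """(line number, finding) for keys usable from anywhere or for more than SFTP."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        for opt in ("from", "restrict", "command"):
            if opt not in entry.options:
                findings.append((n, f"missing {opt}"))
    return findings
```

Run `audit()` over each account's `authorized_keys` after provisioning to catch a copy of the web app's key that lost its options. The `from=` check only limits which host may use the key; the private key itself still needs to be protected on the web server, since with a single key "that works for all accounts" whoever holds it can act as any user.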
0

One of the main reasons for hashing passwords and not encrypting them is that people tend to reuse passwords (or minor variants) across many sites. So a password disclosure puts your site at risk and the user across all sites that they've (foolishly) reused that password.

A better strategy is to obtain a temporary piece of data for the user that securely asserts that they've been authenticated. OAuth tokens and Kerberos tickets are two common examples. Session IDs are also frequently used. As these are temporary, they are only valuable to an attacker for a short period of time (compared to a password) and can't be used to attack the user's accounts on other sites.

Neil Smithline
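An added illustration of the property this answer relies on, not code from the answer itself: a temporary, signed assertion that the user has authenticated, bound to one service and expiring after a short TTL. Kerberos tickets and OAuth tokens give you this from an existing infrastructure; the HMAC-signed token below is a minimal stand-in showing what the verifier must check (signature, audience, expiry) so that a stolen token is useless to another service and after a few minutes. It contains no password, so disclosing it cannot expose the user's other accounts. The secret, TTL, claim names and the fixed timestamps are assumptions, and the SFTP server would of course have to be configured to accept such an assertion (as it would Kerberos via GSSAPI) for this to replace a password there.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret, user, audience, ttl_seconds, now=None):
    """Mint a short-lived assertion that user has authenticated, usable only by audience."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "iat": now, "exp": now + ttl_seconds,
              "jti": secrets.token_hex(8)}   # random id so two tokens are never identical
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    tag = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_token(secret, token, audience, now=None):
    """Return the claims or raise ValueError. Signature first, then audience, then expiry."""
    now = int(time.time()) if now is None else now
    body, sep, tag = token.partition(".")
    if not sep:
        raise ValueError("malformed token")
    expected = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("aud") != audience:
        raise ValueError("token was issued for a different service")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

The audience check is what makes the token worthless to any other site, and the expiry is what limits the window after a leak; a password has neither property. Verify the signature before parsing the body so an attacker cannot feed the JSON parser unauthenticated input.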