[pbs-devel] [PATCH proxmox-backup 09/12] auth: move to hmac keys for csrf tokens

Stefan Sterz s.sterz at proxmox.com
Fri Feb 23 10:26:29 CET 2024


On Mon Feb 19, 2024 at 7:55 PM CET, Max Carrara wrote:
> On 2/15/24 16:19, Stefan Sterz wrote:
> > previously we used a self-rolled implementation for csrf tokens. while
> > it's unlikely to cause issues in reality, as csrf tokens are only
> > valid for a given tickets lifetime, there are still theoretical
> > attacks on our implementation. so move all of this code into the
> > proxmox-auth-api crate and use hmac instead.
> >
> > this change should not impact existing installations for now, as this
> > falls back to the old implementation if a key is already present. hmac
> > keys will only be used for new installations and if users manually
> > remove the old key and
> >
> > Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
> > ---
> > note that the fallbacks here and in `proxmox-auth-api` should be removed
> > with the next (major) version if possible. [...]
>
> As mentioned in my reply to patch 04, we should somehow ensure that this
> removed with some kind of compile time check or similar, so we *really*
> don't miss it.
>

yeah, as stated before, that makes sense but imo should be worked out
separatelly from this series.

-- >8 snip 8< --




More information about the pbs-devel mailing list