by jeremyevans 3209 days ago
Restricting access to the password hashes using database security so that a vulnerability in the web application cannot expose password hashes unless a separate vulnerability in the database was also exploited. In PostgreSQL (and other SQL databases), this generally involves having multiple database users with separate permissions, making it so that the database user the web application uses doesn't have SELECT permissions for the password hash column.

If you want an example for a Ruby authentication library that does this, there is Rodauth: https://github.com/jeremyevans/rodauth
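As an added example (not taken from the comment above and not Rodauth's own schema or function names), here is one way to lay out this split in PostgreSQL. The role names `app_user` (what the web application connects as) and `hash_owner` (a non-login role that owns the hash table), the table names, and the two helper functions are all assumptions made for illustration. The design keeps the plaintext password out of the database entirely: the application fetches only the bcrypt salt prefix, computes the candidate hash itself, and asks the database whether it matches.

```sql
-- Constructed example; role, table and function names are assumptions.
CREATE ROLE hash_owner NOLOGIN;
CREATE ROLE app_user LOGIN PASSWORD 'change-me';

-- Account records: the web application may read and write these freely.
CREATE TABLE accounts (
  id    bigserial PRIMARY KEY,
  email text NOT NULL UNIQUE
);
GRANT SELECT, INSERT, UPDATE, DELETE ON accounts TO app_user;
GRANT USAGE ON SEQUENCE accounts_id_seq TO app_user;

-- Password hashes live in a separate table owned by hash_owner. app_user gets
-- no SELECT on password_hash, so SQL injection in the app cannot dump hashes.
CREATE TABLE account_password_hashes (
  id            bigint PRIMARY KEY REFERENCES accounts(id) ON DELETE CASCADE,
  password_hash text NOT NULL   -- full bcrypt string: $2b$12$<22-char salt><31-char hash>
);
ALTER TABLE account_password_hashes OWNER TO hash_owner;
REVOKE ALL ON account_password_hashes FROM PUBLIC, app_user;

-- Write-only access for registration and password changes. Column-level
-- privileges: SELECT on id only (needed for the WHERE clause of UPDATE/DELETE),
-- UPDATE on password_hash only. Neither RETURNING nor a WHERE on password_hash
-- works without SELECT on that column, so the hash stays unreadable.
GRANT INSERT, DELETE ON account_password_hashes TO app_user;
GRANT SELECT (id), UPDATE (password_hash) ON account_password_hashes TO app_user;

-- Step 1 of login: hand back the 29-character bcrypt prefix (cost + salt)
-- so the application can compute bcrypt(candidate_password, salt) itself.
-- SECURITY DEFINER runs the body with hash_owner's privileges; the fixed
-- search_path prevents a search-path hijack of the definer's context.
CREATE OR REPLACE FUNCTION get_password_salt(acct_id bigint)
RETURNS text
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, public
AS $$
  SELECT substr(password_hash, 1, 29)
  FROM account_password_hashes
  WHERE id = acct_id
$$;

-- Step 2 of login: the application sends the full candidate hash and gets a
-- yes/no answer. The stored hash never leaves the database.
CREATE OR REPLACE FUNCTION valid_password_hash(acct_id bigint, candidate text)
RETURNS boolean
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, public
AS $$
  SELECT EXISTS (
    SELECT 1 FROM account_password_hashes
    WHERE id = acct_id AND password_hash = candidate
  )
$$;

ALTER FUNCTION get_password_salt(bigint) OWNER TO hash_owner;
ALTER FUNCTION valid_password_hash(bigint, text) OWNER TO hash_owner;
REVOKE EXECUTE ON FUNCTION get_password_salt(bigint),
                          valid_password_hash(bigint, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION get_password_salt(bigint),
                         valid_password_hash(bigint, text) TO app_user;

-- Verification, run as the application role: the direct read must fail with
-- a permission-denied error, while the definer function still answers.
SET ROLE app_user;
SELECT password_hash FROM account_password_hashes;   -- rejected: no SELECT on password_hash
SELECT get_password_salt(1);                          -- allowed: returns the salt prefix or NULL
RESET ROLE;
```

Two caveats worth keeping in mind with this layout. First, it protects confidentiality of the hashes, not integrity: an application-level flaw that lets an attacker reach the password-change path can still overwrite a hash, so the write path needs the usual authorization checks. Second, `get_password_salt` returning NULL for a missing account is a user-enumeration oracle unless the application hashes against a dummy salt in that case, so the login code should take the same amount of work whether or not the account exists.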