Closed by diracdeltas 8 years ago
i could use your counsel on this:
login.organization
configuration variable. the core reference for creating the "sid" cookie is https://www.npmjs.com/package/iron in which we have
var password = 'some_not_random_password';
what is going on here is that the "password" is one of the inputs to an algorithm to encrypt information in the "sid" cookie which can be used to verify that the user has previously authenticated.
If we regenerate the string on startup, all user cookies are invalidated every time the server is restarted. Could we just put a randomly-generated string in config/config.development.js for this?
You're using MongoDB, right? Why not store a randomly generated secure key there?
What is this authentication for? I thought we weren't maintaining any session/cookie based logins for the vault anymore? We actually can't according to our current privacy policy.
@therealklanni - hi! i like @diracdeltas' suggestion better because it fits in with the existing configuration file. there's nothing wrong with using a DB instead except that we currently don't keep configuration in a database, it's in config/config.*.js (depending on whether the code is running on a server or under development or test)
@bdriver - it is used by administrative users only, e.g., to populate the ad-manifest table...
gotcha, thanks!
@diracdeltas - what's your thinking on the PR?
in src/index.js:
what is this auth strategy used for?
please address before open sourcing, thanks
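The trade-off discussed in this thread, as an added example that is not part of the original discussion or the project's code: a cookie sealed under a stored random password survives a restart, while one sealed under a password regenerated at startup does not. It uses an HMAC-SHA256 stand-in from Node's `crypto` instead of iron itself; `cookiePassword`, `loadCookiePassword`, `seal`, `unseal` and `restartDemo` are hypothetical names.

```javascript
const crypto = require('crypto');

const MIN_PASSWORD_LENGTH = 32; // iron rejects passwords shorter than 32 characters

// Run once at provisioning time; store the result in config, not in source control.
function generatePassword() {
  return crypto.randomBytes(32).toString('base64'); // 44 characters
}

// Hypothetical loader: `cookiePassword` is an assumed config key.
function loadCookiePassword(config) {
  const password = config && config.cookiePassword;
  if (typeof password !== 'string' || password.length < MIN_PASSWORD_LENGTH) {
    throw new Error('cookiePassword must be a string of at least 32 characters');
  }
  return password;
}

// Stand-in for iron's seal: integrity only (HMAC-SHA256), no encryption.
function seal(payload, password) {
  const body = Buffer.from(JSON.stringify(payload)).toString('base64');
  const mac = crypto.createHmac('sha256', password).update(body).digest('hex');
  return body + '.' + mac;
}

// Returns the payload, or null when the MAC does not match the password.
function unseal(token, password) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return null;
  const expected = crypto.createHmac('sha256', password).update(body).digest();
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
}

// Constructed demonstration of a server restart.
function restartDemo() {
  const stored = loadCookiePassword({ cookiePassword: generatePassword() });
  const sid = seal({ user: 'admin' }, stored);
  return {
    samePassword: unseal(sid, stored),           // password read back from config
    regenerated: unseal(sid, generatePassword()) // password regenerated at startup
  };
}
```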