datastorm-open / shinymanager

Simple and secure authentification mechanism for single shiny applications.
https://datastorm-open.github.io/shinymanager/

Too long delay for check_credentials #118

Closed dmenne closed 3 years ago

dmenne commented 3 years ago

The standard block below to check credentials needs 3 seconds on my very fast computer, which is too long for users.

I know that this is for security, but how can I reduce the planned slowness of crypt?

# 3 seconds for this block
res_auth = secure_server(
  check_credentials = check_credentials(
    sqlite_path,
    passphrase = passphrase
  )
)

Make maxtime an optional variable:

hashPassword(passwd, maxmem = 0.1, maxtime = 1)

dmenne commented 3 years ago

Hello.... any comment?

pvictor commented 3 years ago

Hello,

You can hash the password yourself if you want to customize the hash function:

library(shinymanager)

credentials <- data.frame(
  user = c("shiny", "shinymanager"),
  password = c("azerty", "12345"),
  stringsAsFactors = FALSE
)
# Hash the passwords with the parameters you want
credentials$password <- sapply(credentials$password, scrypt::hashPassword, maxmem = 0.1, maxtime = 1)
# Add a column is_hashed_password to indicate that the passwords are already hashed
credentials$is_hashed_password <- TRUE

# Create the database
create_db(
  credentials_data = credentials,
  sqlite_path = "database.sqlite", # will be created
  passphrase = "key"
)

# check if it's working
check <- check_credentials(db = "database.sqlite", passphrase = "key")

check("shiny", "azerty")

Victor
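Added example, not part of the thread and not shinymanager's own code: a benchmark to run on the deployment host before pre-hashing passwords as described above. It measures how the `maxtime` passed to `scrypt::hashPassword` affects both hashing and verification time. The names `sample_password`, `time_setting` and `budget_s`, the candidate `maxtime` values and the 0.5 second login budget are assumptions made for illustration.

```r
# Added example: measure scrypt cost settings before choosing one.
library(scrypt)

# Constructed sample password, used for timing only.
sample_password <- "correct horse battery staple"

# Time hashing and verification for one maxtime value (hypothetical helper).
# maxmem is kept at the value used in the thread.
time_setting <- function(maxtime, maxmem = 0.1, reps = 3) {
  hash_secs <- numeric(reps)
  verify_secs <- numeric(reps)
  for (i in seq_len(reps)) {
    hash_secs[i] <- system.time(
      h <- hashPassword(sample_password, maxmem = maxmem, maxtime = maxtime)
    )[["elapsed"]]
    verify_secs[i] <- system.time(
      ok <- verifyPassword(h, sample_password)
    )[["elapsed"]]
    # The hash must accept the right password and reject a wrong one.
    stopifnot(ok, !verifyPassword(h, "wrong password"))
  }
  data.frame(
    maxtime = maxtime,
    hash_median_s = median(hash_secs),
    verify_median_s = median(verify_secs)
  )
}

# Candidate settings (assumed values), from cheapest to most expensive.
results <- do.call(rbind, lapply(c(0.05, 0.1, 0.25, 0.5, 1), time_setting))
print(results)

# Keep the most expensive setting that still fits the login latency budget.
# A cheaper setting also makes offline guessing against a leaked database
# cheaper, so take the highest cost the users can tolerate, not the lowest.
budget_s <- 0.5  # assumed acceptable verification time per login
fits <- results[results$verify_median_s <= budget_s, ]
if (nrow(fits) > 0) {
  cat("Chosen maxtime:", max(fits$maxtime), "\n")
} else {
  cat("No candidate fits the budget; add smaller maxtime values.\n")
}
```

Timings depend on the machine, so run this on the server that hosts the Shiny application rather than on a development laptop.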