Say you lose your password. ComDB doesn't store your password and can only verify it, so we can't provide it if you lose it. Unless we do store it when asked to, in an encrypted way.
Consider a method such as .addSecurityQuestion(name, question, answer). Using a hash of the answer as a password, we then create a new Crypt instance to encrypt the user's password. This encrypted value and the Crypt instance's export string are then stored in the _local/comdb document like this:
{
_id: '_local/comdb',
_rev: '...',
security_questions: {
house: {
question: 'In the house you grew up in, what is buried in the garden?',
exportString: '...',
payload: '...'
}
}
}
A matching db.removeSecurityQuestion(name) would remove the specified security question from _local/comdb.
Thus, a user can retrieve their password by answering exactly any one security question. The user must only ever opt-in to this type of password protection!
Say you lose your password. ComDB doesn't store your password and can only verify it, so we can't provide it if you lose it. Unless we do store it when asked to, in an encrypted way.
Consider a method such as
.addSecurityQuestion(name, question, answer). Using a hash of the answer as a password, we then create a new Crypt instance to encrypt the user's password. This encrypted value and the Crypt instance's export string are then stored in the_local/comdbdocument like this:A matching
db.removeSecurityQuestion(name)would remove the specified security question from_local/comdb.Thus, a user can retrieve their password by answering exactly any one security question. The user must only ever opt-in to this type of password protection!