A master key shall be asked to create/edit/delete an Administrator account, modify the site without Administrator account, turn the site into maintenance mode, and perform other root actions.
The master key can be supplied by:
1.manual input as a password (insane)
2.credential file at the fix location on the machine as /.credential/site/cooprs
Notice: which is, NOT an environmental variable, a string of username will be recorded on the server site (and updated per new credential file request), so this file is useless on a different machine...... unless the machine has the same user account or the person can decode the content of this file.
Generation/Encryption process:
0.prompt for current master key
1.prompt for a RAW password with score higher than 2
2.hash the ( password + username )
3.concatenate with 'U+26e9' at the end, so only few human on the world is able to input this thing
4.save it to /.credential/site/cooprs and /.credential/ with UTF-32 encoding
5.show the result string to the user
Initialisation:
1.check if /.credential/ exist
2.if that directory exist but empty or with more than one file, then the site has been cracked, lock the site and send an email to root user
3.if there is only one file, then master key had been initialised already, terminate the process
4.if that directory does not exist, then follow the generation sequence using root user's password
A master key shall be asked to create/edit/delete an Administrator account, modify the site without Administrator account, turn the site into maintenance mode, and perform other root actions.
The master key can be supplied by: 1.manual input as a password (insane) 2.credential file at the fix location on the machine as/.credential/site/cooprs
Notice: which is, NOT an environmental variable, a string of username will be recorded on the server site (and updated per new credential file request), so this file is useless on a different machine...... unless the machine has the same user account or the person can decode the content of this file.
Generation/Encryption process: 0.prompt for current master key 1.prompt for a RAW password with score higher than 2 2.hash the ( password + username ) 3.concatenate with 'U+26e9' at the end, so only few human on the world is able to input this thing 4.save it to/.credential/site/cooprs and /.credential/ with UTF-32 encoding
5.show the result string to the user
Initialisation: 1.check if/.credential/ exist
2.if that directory exist but empty or with more than one file, then the site has been cracked, lock the site and send an email to root user
3.if there is only one file, then master key had been initialised already, terminate the process
4.if that directory does not exist, then follow the generation sequence using root user's password