...

<Describe all design decisions made for the sub-system. Provide at least decision descriptions for all frameworks, libraries and other technologies used. Other decisions may be related to software patterns, system-structure, adapted principles or the like.>


Login

Sequence diagram

The user sends a request to the LoginResource class. LoginResource sends a get request to LoginController to get the name of the user. The LoginController then requests the user's data from the database through the UserDAO class. As soon as the LoginController receives the user, the system checks whether the password is correct. The password is stored hashed, which makes it much more secure. If the password is correct, LoginResource continues and sends a createToken request for the user to the LoginController class. The token and the username are returned to the user with a 200 response (OK status). If the password is incorrect, an exception is thrown to LoginResource and a 403 response is returned to the client.


Design decisions

| Decision | Description |
| --- | --- |
| Problem/Issue | The password must not be readable in the database, so that hackers aren't able to log in to other accounts. |
| Decision | Using Argon2, we hash the passwords of users, so that only a hashed password is stored in the database. This prevents hackers from seeing someone else's password. |
| Alternatives | SHA-512, MD5, PBKDF2, BCrypt, and SCrypt (Millington, 2022) |
| Arguments | From a comment on Baeldung (Millington, 2022), I saw Argon2 being suggested. Going to the Supertokens website (Supertokens Team, 2022), I found a tool that detects how safe a password is. Supertokens also recommended using this hashing tool this March, which is quite recent. It uses more resources from your computer, but it makes a stronger password from it. Regterschot Racing required minimum security, which also includes a hashed password. |
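The login check from the sequence above with the Argon2 decision applied, as an added example that is not the project's own code. It assumes Java with the argon2-jvm library (the page names no library), an in-memory map in place of UserDAO, an opaque random token, and illustrative cost parameters; the class and method names are hypothetical.

```java
import de.mkammerer.argon2.Argon2;
import de.mkammerer.argon2.Argon2Factory;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class LoginExample {
    // Argon2id; the cost parameters are assumptions and should be tuned on the target hardware.
    private static final Argon2 ARGON2 = Argon2Factory.create(Argon2Factory.Argon2Types.ARGON2id);
    private static final int ITERATIONS = 3, MEMORY_KIB = 65536, PARALLELISM = 1;

    // Stand-in for UserDAO: username -> encoded hash (salt and parameters are part of the string).
    private final Map<String, String> users = new HashMap<>();
    // Verified when the username is unknown, so both failure paths do the same amount of work.
    private final String dummyHash = hash("constructed-dummy-password".toCharArray());

    static String hash(char[] password) {
        try { return ARGON2.hash(ITERATIONS, MEMORY_KIB, PARALLELISM, password); }
        finally { ARGON2.wipeArray(password); } // do not keep the plaintext in memory
    }

    void register(String username, char[] password) { users.put(username, hash(password)); }

    // Returns {status, token}: "200" with a token on success, "403" with null otherwise.
    String[] login(String username, char[] password) {
        try {
            String stored = users.get(username);
            // Always run verify first; an unknown user and a wrong password look identical to the client.
            boolean ok = ARGON2.verify(stored != null ? stored : dummyHash, password) && stored != null;
            return ok ? new String[] {"200", createToken()} : new String[] {"403", null};
        } finally { ARGON2.wipeArray(password); }
    }

    static String createToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        LoginExample app = new LoginExample();
        app.register("alice", "correct horse battery staple".toCharArray()); // constructed sample account
        System.out.println(app.login("alice", "correct horse battery staple".toCharArray())[0]);
        System.out.println(app.login("alice", "wrong".toCharArray())[0]);
        System.out.println(app.login("mallory", "whatever".toCharArray())[0]);
    }
}
```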

...