Versions Compared

Old Version 35

changes.mady.by.user Wijnand vanZyl

Saved on

compared with

New Version 36

changes.mady.by.user Thomas Droppert

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Sequence diagram

The LoginResource returns the response to the user. The LoginResource needs to get the name of the user, so it may check if the login is correct and that it knows who the create token is for. If LoginResource doesn't know the username, then duplicate code will be created in the LoginController. The response changes if the verification proces is not correct. This creates an 403 response back to the resource and will throw an exception in the code. If it is correct, then it will execute createToken and getUserWithUsername. The userDAO needs to create a LoginRequestDTO class, so that it may store the data from the database in the code. This data is then added in an array called users, that gets called back to LoginController. In createToken there is a new create message being send to LoginResponseDTO. This happens, so that the response back to the user contains a token and a usernameshould only send requests to the controller and should return only one response, because the class is a resource class. The LoginController class is a controller and provides a link between the resource and the data classes. It sends the necessary methods to the other classes, so that loginresource may not become a God class.

Design decisions

Decision

Description

Problem/Issue

The passwords can be seen by anyone who has access to the database. This is a huge security risk.
DecisionUsing Argon2, we can hash the passwords of users, so that a hashed password is stored in the database. This prevents hackers from seeing someone elses password.
AlternativesSHA-512, MD5, PBKDF2, BCrypt, and SCrypt (Millington, 2022)
ArgumentsFrom a comment in Baeldung (Millington, 2022), I saw Argon2 being suggested. Going to the Supertokens website (Supertokens Team, 2022), I found a tool that detects how safely a password is. With that Supertokens also recommended to use this hashing tool this march, which is quite recent. It uses more resources from your computer, but it makes a stronger password from it. Regterschot Racing required minimum security, that also includes a hashed password.

...