...
Sequence diagram login
The LoginResource class (loginResource) should only send requests to the controller and return a single response, because it is a resource class. The LoginController class is a controller and provides the link between the resource and the data classes. It dispatches the necessary calls to the other classes, so that LoginResource does not become a God class, and it returns the response to the LoginResource, which only passes that response on, since it is a resource and should follow the Single Responsibility rule. The loginService is an information expert, since it knows and keeps all the information from the classes. The userDAO sends a call to the database, which happens in the selectQuery method.
Design decisions
| Decision | Description |
|---|---|
| Problem/Issue | The passwords can be seen by anyone who has access to the database. This is a huge security risk. |
| Decision | Using Argon2, we can hash the passwords of users, so that only a hashed password is stored in the database. This prevents hackers from seeing someone else's password. |
| Alternatives | SHA-512, MD5, PBKDF2, BCrypt, and SCrypt (Millington, 2022) |
| Arguments | From a comment in Baeldung (Millington, 2022), I saw Argon2 being suggested. Going to the Supertokens website (Supertokens Team, 2022), I found a tool that detects how safe a password is. Supertokens also recommended using this hashing tool this March, which is quite recent. It uses more of the computer's resources, but it produces a stronger hash. Regterschot Racing required a minimum level of security, which also includes hashed passwords. |
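As an added example (not the project's own code), a password-hashing helper that the loginService could call before the userDAO writes a user record: it derives an Argon2id hash with a fresh random salt and stores the salt and cost parameters next to the hash, so that verification re-derives with exactly the same settings and compares in constant time. It assumes the Bouncy Castle provider (bcprov) is on the classpath; the class name, method names and parameter values are hypothetical.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;

// Hypothetical helper for the loginService; the cost values below are a constructed
// example and should be tuned to the CPU and memory budget of the deployment.
public final class PasswordHasher {
    private static final int ITERATIONS = 3;
    private static final int MEMORY_KB = 64 * 1024; // 64 MiB per hash
    private static final int PARALLELISM = 2;
    private static final int HASH_LENGTH = 32;
    private static final int SALT_LENGTH = 16;
    private static final SecureRandom RANDOM = new SecureRandom();

    // Returns "argon2id$iterations$memoryKB$parallelism$base64(salt)$base64(hash)",
    // so the stored record carries everything needed to re-derive the hash later.
    public static String hash(char[] password) {
        byte[] salt = new byte[SALT_LENGTH];
        RANDOM.nextBytes(salt); // a new salt per user defeats precomputed tables
        byte[] hash = derive(password, salt, ITERATIONS, MEMORY_KB, PARALLELISM);
        Base64.Encoder enc = Base64.getEncoder();
        return String.join("$", "argon2id", Integer.toString(ITERATIONS),
                Integer.toString(MEMORY_KB), Integer.toString(PARALLELISM),
                enc.encodeToString(salt), enc.encodeToString(hash));
    }

    // Re-derives with the parameters stored in the record and compares in constant
    // time, so response timing does not reveal how many bytes of the hash matched.
    public static boolean verify(char[] password, String stored) {
        String[] parts = stored.split("\\$");
        if (parts.length != 6 || !"argon2id".equals(parts[0])) return false;
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[4]);
        byte[] expected = dec.decode(parts[5]);
        byte[] actual = derive(password, salt, Integer.parseInt(parts[1]),
                Integer.parseInt(parts[2]), Integer.parseInt(parts[3]));
        return MessageDigest.isEqual(expected, actual);
    }

    private static byte[] derive(char[] password, byte[] salt, int iterations, int memoryKb, int parallelism) {
        Argon2Parameters params = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withVersion(Argon2Parameters.ARGON2_VERSION_13).withIterations(iterations)
                .withMemoryAsKB(memoryKb).withParallelism(parallelism).withSalt(salt).build();
        Argon2BytesGenerator generator = new Argon2BytesGenerator();
        generator.init(params);
        byte[] out = new byte[HASH_LENGTH];
        generator.generateBytes(password, out, 0, out.length);
        return out;
    }
}
```

Because the stored string names the algorithm and its parameters, the cost settings can be raised later and old records re-hashed on the user's next successful login.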
...