[Twisted-Python] twisted.cred interface deficiences

Laurens Van Houtven _ at lvh.cc
Mon Apr 1 17:12:21 EDT 2013 

Why does IUsernameHashedPassword have to be renamed? It sounds like it's
the appropriate thing already.


On Mon, Apr 1, 2013 at 10:55 PM, Shell <cam.turn at gmail.com> wrote:

> The twisted.cred.IUsernamePassword interface declares:
>
> * IUsernamePassword.username - "The username associated with these
> credentials."
> * IUsernamePassword.password - "The password associated with these
> credentials."
> * IUsernamePassword.checkPassword(password) - "Validate these
> credentials against the correct password."
>
> The issue is that the interface (according to exarkun) allows you to
> implement checkPassword() to do things other than the obvious
> "password == self.password". Now, this is an issue because Twisted
> then explicitly supports (again, according to exarkun) two different
> uses of this interface by the credentials checker:
>
> * Call the checkPassword() method, passing it the correct password
> * Just take the password out and do whatever you want with it (which
> is necessary in any secure system)
>
> Now, imagine I write a version of checkPassword() in a library which
> does something security-centric (what would this be? shouldn't it be
> part of the checker?), assuming that it'll be used by a credentials
> checker which calls checkPassword(). Except... then, a library user
> uses it with a credentials checker which checks the password itself.
> Now they're skipping over my security-centric code!
>
> So I have to tell my library users that they have to use my library
> with a credentials checker which makes sure to call checkPassword(),
> not just one which accepts the correct interface.
>
> IUsernamePassword's docstring claims that the stored password must be
> reversible to plaintext to be compared with the password, which
> implies that taking the password out and doing other things is
> incorrect, unlike what exarkun suggests. In this case, exposing
> password in the interface makes little sense. In addition,
> twisted.cred.checkers.FilePasswordDB apparently ignores this docstring
> entirely already
> (
> http://twistedmatrix.com/trac/browser/tags/releases/twisted-12.3.0/twisted/cred/checkers.py#L238
> ).
>
> I propose that IUsernamePassword should be split into at least two
> interfaces:
>
> * IUsernamePassword, with only username and password, no methods,
> which allows password to be used in any way
> * Another interface, which only defines username and checkPassword() -
> possibly just a rename of IUsernameHashedPassword, which declares a
> similar interface
>
> However, this has the issue that any credential checker which can use
> the second interface would also be able to use an IUsernamePassword
> here if there were an adapter between the two, but support for this
> would have to go into every credential checker which supports the
> second interface at present. Maybe the Portal could automatically
> search for adapters if it can't find a direct match?
>
> Thanks,
> Cameron
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>



-- 
cheers
lvh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20130401/a635dec6/attachment.htm

More information about the Twisted-Python mailing list