Why We Don't Trust the Database with Authentication

(blog.sturdystatistics.com)

21 points | by kianN 4 days ago ago

5 comments

  • LunaSea 25 minutes ago

    RBAC and proper prepared statements completely defeat all these scenarios.

  • preinheimer an hour ago

    Great post. Anyone who talks, and actually implements, client key rotation gets a +1 from me.

    Far too many systems don’t have a zero downtime key rotation.

  • cluckindan an hour ago

    Or just salt the string with the username before hashing.

    • tybit an hour ago

      That’s what they do, but the TPM pepper is also needed for HMACing in their threat model. Otherwise the attacker just adds the victim’s user id to their hashing process too.

  • Rakua 4 days ago

    tl;dr: The author advocates for signing authentication data in the database. Even if an attacker gains write access to the DB and manipulates the auth data, the app can recognize this and prevent access.

    I'd rather invest time in writing a proper DB abstraction layer for new systems or audit all parts where the DB is accessed in an existing system than implement the suggested measure.