6 <script type=
"text/javascript">
7 <SCRIPT TYPE
="text/ssperl" SRC
="./JavaScript/CGIscriptorSession.js"></SCRIPT
>
9 window
.onload = function() {
10 loadSessionData (CGIscriptorSessionType
, CGIscriptorChallengeTicket
);
15 <script type=
"text/javascript">
16 <SCRIPT TYPE
="text/ssperl" SRC
="./JavaScript/sha.js"></SCRIPT
>
20 <p ALIGN=RIGHT
><a href=
"?LOGOUT">Logout
</a></p>
21 <p ALIGN=RIGHT
><a href=
"ChangePassword.html">Change Password
</a></p>
22 <h1 align=CENTER
>Manual
</h1>
23 <p align=CENTER
>Logged in from
<script type=
"text/ssperl" CGI='$
LOGINIPADDRESS=
"" $
LOGINPATH=
""'
>"$LOGINIPADDRESS $LOGINPATH"</script></p>
24 <p align=CENTER
><form method=GET
action=
"index.html">
25 <p align=CENTER
><input type=
"submit" value=
"Go back to home page" /></p>
26 <input type=
"hidden" name=
"SESSIONTICKET" id=
"SESSIONTICKET" value=
"" />
27 <input type=
"hidden" name=
"CHALLENGETICKET" id=
"CHALLENGETICKET" value=
"" /><br />
32 <A NAME=
"SESSIONTICKETS"><H2 ALIGN=
"CENTER">SERVER SIDE SESSIONS AND ACCESS CONTROL (LOGIN)
</H2></A>
34 An infrastructure for user acount authorization and file access control
35 is available. Each request is matched against a list of URL path patterns.
36 If the request matches, a Session Ticket is required to access the URL.
37 This Session Ticket should be present as a CGI parameter or Cookie, eg:
40 CGI: SESSIONTICKET=
<value
><br />
41 Cookie: CGIscriptorSESSION=
<value
></p>
43 The example implementation stores Session Tickets as files in a local
44 directory. To create Session Tickets, a Login request must be given
45 with a LOGIN=
<value
> CGI parameter, a user name and a (doubly hashed)
46 password. The user name and (singly hashed) password are stored in a
47 PASSWORD ticket with the same name as the user account (name cleaned up
51 The example session model implements
3 functions:
54 The password is hashed with the user name and server side salt, and then
55 hashed with a random salt. Client and Server both perform these actions
56 and the Server only grants access if restults are the same. The server
57 side only stores the password hashed with the user name and
58 server side salt. Neither the plain password, nor the hashed password is
59 ever exchanged. Only values hashed with the one-time salt are exchanged.
62 For every access to a restricted URL, the Session Ticket is checked before
63 access is granted. There are three session modes. The first uses a fixed
64 Session Ticket that is stored as a cookie value in the browser (actually,
65 as a sessionStorage value). The second uses only the IP address at login
66 to authenticate requests. The third
67 is a Challenge mode, where the client has to calculate the value of the
68 next one-time Session Ticket from a value derived from the password and
71 <li>Password Change
<br />
72 A new password is hashed with the user name and server side salt, and
73 then encrypted (XORed)
74 with the old password hashed with the user name and salt. That value is
75 exchanged and XORed with the stored old hashed(salt+password+username).
76 Again, the stored password value is never exchanged unencrypted.
80 <H3 ALIGN=
"CENTER">Implementation
</H3>
82 The session authentication mechanism is based on the exchange of ticket
83 identifiers. A ticket identifier is just a string of characters, a name
84 or a random
64 character hexadecimal string. Ticket identifiers should be
85 "safe" filenames (except user names). There are four types of tickets:
87 <li>PASSWORD: User account descriptors, including a user name and password
</li>
88 <li>LOGIN: Temporary anonymous tickets used during login
</li>
89 <li>IPADDRESS: Authetication tokens that allow access based on the IP address of the request
</li>
90 <li>SESSION: Reusable authetication tokens
</li>
91 <li>CHALLENGE: One-time authetication tokens
</li>
93 All tickets can have an expiration date in the form of a time duration
94 from creation, in seconds, minutes, hours, or days (
<em>+duration
</em>[smhd]).
95 An absolute time can be given in seconds since the epoch of the server host.
96 Note that expiration times of CHALLENGE authetication tokens are calculated
97 from the last access time. Accounts can include a maximal lifetime
98 for session tickets (MaxLifetime).
101 A Login page should create a LOGIN ticket file locally and send a
102 server specific salt, a Random salt, and a LOGIN ticket
103 identifier. The server side compares the username and hashed password,
104 actually hashed(Random salt+hashed(serversalt+password)) from the client with
105 the values it calculates from the stored Random salt from the LOGIN
106 ticket and the hashed(serversalt+password) from the PASSWORD ticket. If
107 successful, a new SESSION ticket is generated as a hash sum of the LOGIN
108 ticket and the stored password. This SESSION ticket should also be
109 generated by the client and stored as sessionStorage and cookie values
110 as needed. The Username, IP address and Path are available as
111 $LoginUsername, $LoginIPaddress, and $LoginPath, respectively.
114 The CHALLENGE protocol stores the same value as the SESSION tickets.
115 However, this value is not exchanged, but kept secret in the JavaScript
116 <em>sessionStorage
</em> object. Instead, every page returned from the
117 server will contain a one-time Challenge value ($CHALLENGETICKET) which
118 has to be hashed with the stored value to return the current ticket
122 In the current example implementation, all random values are created as
123 full,
256 bit SHA256 hash values (Hex strings) of
64 bytes read from
127 <H3 ALIGN=
"CENTER">Security considerations with Session tickets
</H3>
129 For strong security, please use end-to-end encryption. This can be
130 achieved using a VPN (Virtual Private Network), SSH tunnel, or a HTTPS
131 capable server with OpenSSL. The session ticket system of CGIscriptor.pl
132 is intended to be used as a simple authentication mechanism WITHOUT
133 END-TO-END ENCRYPTION. The authenticating mechanism tries to use some
134 simple means to protect the authentication process from eavesdropping.
135 For this it uses a secure hash function, SHA256. For all practial purposes,
136 it is impossible to
"decrypt" a SHA256 sum. But this login scheme is
137 only as secure as your browser. Which, in general, is not very secure.
140 Humans tend to reuse passwords. A compromise of a site running
141 CGIscriptor.pl could therefore lead to a compromise of user accounts at
142 other sites. Therefore, plain text passwords are never stored, used, or
143 exchanged. Instead, a server site salt value is
"encrypted" with
144 the plain password and user name. Actually, all are concatenated and hashed
145 with a one-way secure hash function (SHA256) into a single string.
146 Whenever the word
"password" is used, this hash sum is meant. Note that
147 the salts are generated from /dev/urandom. You should check whether the
148 implementation of /dev/urandom on your platform is secure before
149 relying on it. This might be a problem when running CGIscriptor under
150 Cygwin on MS Windows.
<br />
151 <em>Note: not attempt is made to slow down the password hash, so bad
152 passwords can be cracked by brute force
</em>
155 For the authentication and a change of password, the (old) password
156 is used to
"encrypt" a random one-time token or the new password,
157 respectively. For authentication, decryption is not needed, so a secure
158 hash function (SHA256) is used to create a one-way hash sum
"encryption".
159 A new password must be decrypted. New passwords are encryped by XORing
160 them with the old password.