Difference between revisions of "HyperAdmin"

From HypertWiki
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 14: Line 14:
*# Get user form input (user, pass, possibly extra pass & email)
*# Get user form input (user, pass, possibly extra pass & email)
*# If no user given:
*# If no user given:
*#* set $is_old_user flag
*#* check cookies for session key
*#* check cookies for user/pass combination:
*#** If session key found in cookies:
*#** If user/pass found in cookies, set $is_old_user flag
*#*** If session is active and valid:
*#** If no user/pass found in cookies:
*#**** Set $login_ok flag
*#*** ...else (session invalid or expired):
*#**** Set login message to "invalid or expired session; please log in"
*#**** Set $do_login_screen flag
*#** If no session key found in cookies:
*#*** set $do_login_screen flag
*#*** set $do_login_screen flag
*#***set login message to "Please log in"
*#***set login message to "Please log in"
Line 39: Line 43:
*#** Set login message to "you are the first user; please create a new account"
*#** Set login message to "you are the first user; please create a new account"
*# ...else if users found:
*# ...else if users found:
*#* If user matches existing username, set $do_login_attempt flag
*#* If $do_login_attempt:
*#* If $do_login_attempt:
*#** Lookup encrypted password for given user
*#** Lookup encrypted password for given user
*#** If encryption of new password matches, set $login_ok flag
*#** If encryption of new password matches
*#*** set $login_ok flag
*#*** if previous login was successful (check timestamps), set login attempts to zero
*#** ...else (password mismatch):
*#*** increment login attempts for this user
*#*** set login message to "invalid user/password"
*#*** if $is_revisit, log a HACK WARNING
*#* ...else (not $do_login_attempt):
*#* ...else (not $do_login_attempt):
*#** If $new_pass_valid:
*#** If $new_pass_valid:
Line 48: Line 59:
*#** ...else (not $new_pass_valid):
*#** ...else (not $new_pass_valid):
*#*** set $do_login_screen flag
*#*** set $do_login_screen flag
*#*** set login message to "invalid user/password"
*'''Phase III''': set cookies and show html
*'''Phase III''': set cookies and show html
*# if $do_login_screen:
*# if $do_login_screen:
*#* Show login screen and login message
*#* Show login screen, login message, and # of login attempts for this user
*# ...else if $login_ok
*# ...else if $login_ok
*#* Show control bar, with appropriate applications enabled
*#* Set user/pass cookie
*#* Show control bar, with appropriate applications enabled and user info:
*#** Time of last successful login
*#** Time of last unsuccessful login
*#** Number of failed login attempts


Possible bugs:
Possible security holes:
*Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
*Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
*Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?
*Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?
==Notes==
"Session key" could be dumbed down to just username+password sent in a single parameter, if proper sessions were not otherwise needed for a site, though sessions do provide better security even if they aren't used for anything else.


==Tables==
==Tables==
Line 118: Line 134:
|}
|}


===Logging tables===
===Activity tables===
*'''log''' -- logs of login attempts as well as what users did while logged in
====sessions====
shopping [[HyperAdmin Session|session]]s
{| style="background: #eeeeee;"
|-
|K#||'''ID''' || int(4)
|-
|||'''Cookie''' || text || session-ID cookie (at least <s>32</s> 128 bits of random data)
|-
|||'''User''' || int(4) || users.ID of authenticated user (logged in with password); NULL = no user, or not authenticated
|-
|||'''Remote_Client''' || text || browser user_agent string
|-
|||'''Remote_Host''' || text || remote host domain info (reverse lookup), if any
|-
|||'''Remote_Addr''' || int(4) || remote host IP address
|-
|||'''Remote_Key''' || text || remote address or host domain plus user_agent - for quick search of userless sessions
|-
|||'''WhenStarted''' || timestamp || when session was started
|-
|||'''WhenLastAct''' || timestamp || timestamp of last activity on this session
|-
|||'''WhenExpires''' || timestamp || when this session will expire; NULL=never (see [[HyperAdmin Session]]s)
|-
|||'''WhenExpired''' || timestamp || when this session was actually expired (see Rules below)
|}
 
'''Rules''':
*if same user connects with new session, any existing sessions are automatically deactivated
*sessions.WhenExpired can be NULL even after WhenExpires ''if'' session is never accessed after WhenExpires and same user does not ever reconnect
====events====
logs of login attempts as well as what users did while logged in
{| style="background: #eeeeff;"
{| style="background: #eeeeff;"
|-
|-
Line 131: Line 178:
|-
|-
|||'''Seq''' || int(4) || Order in which actions were executed, if done at the same time
|||'''Seq''' || int(4) || Order in which actions were executed, if done at the same time
|-
||| '''Type''' || text(8) || short code for event type - [event_types] table (to be designed)
|-
|-
|||'''Descr''' || text || description of action taken (should be very specific)
|||'''Descr''' || text || description of action taken (should be very specific)
|}
|}

Latest revision as of 21:11, 15 August 2005

Woozle: HyperAdmin

This is my attempt to create a general user administration system for use by other web-based applications (mostly mine) which might need one.

Login Sequence

Major phases

  1. check what came in (form/cookies); set flags
  2. inspect the database; set flags
  3. set cookies and show html

Flow chart

  • Phase I: check what came in
    1. Get user form input (user, pass, possibly extra pass & email)
    2. If no user given:
      • check cookies for session key
        • If session key found in cookies:
          • If session is active and valid:
            • Set $login_ok flag
          • ...else (session invalid or expired):
            • Set login message to "invalid or expired session; please log in"
            • Set $do_login_screen flag
        • If no session key found in cookies:
          • set $do_login_screen flag
          • set login message to "Please log in"
    3. ...else (user given):
      • If password also given
        • If 2nd password given:
          • If 2 passwords match set $do_create_user flag
          • If 2 passwords don't match:
            • set $do_login_screen flag
            • set login message to "passwords don't match"
          • ...else (no 2nd password):
            • set $do_login_attempt flag
  • Phase II: check database
    1. Open database and inspect "users" table.
    2. If no users yet:
      • If $do_create_user:
        • Add user to database
        • Give user "god" permissions
        • Set $login_ok flag
      • ...else (not $do_create_user):
        • Set login message to "you are the first user; please create a new account"
    3. ...else if users found:
      • If user matches existing username, set $do_login_attempt flag
      • If $do_login_attempt:
        • Lookup encrypted password for given user
        • If encryption of new password matches
          • set $login_ok flag
          • if previous login was successful (check timestamps), set login attempts to zero
        • ...else (password mismatch):
          • increment login attempts for this user
          • set login message to "invalid user/password"
          • if $is_revisit, log a HACK WARNING
      • ...else (not $do_login_attempt):
        • If $new_pass_valid:
          • Create new account
          • Set $login_ok flag
        • ...else (not $new_pass_valid):
          • set $do_login_screen flag
  • Phase III: set cookies and show html
    1. if $do_login_screen:
      • Show login screen, login message, and # of login attempts for this user
    2. ...else if $login_ok
      • Set user/pass cookie
      • Show control bar, with appropriate applications enabled and user info:
        • Time of last successful login
        • Time of last unsuccessful login
        • Number of failed login attempts

Possible security holes:

  • Can $do_login_screen and $login_ok both end up false? In this case, nothing would be displayed.
  • Can $do_login_screen and $login_ok both end up true? Is the resulting behavior appropriate?

Notes

"Session key" could be dumbed down to just username+password sent in a single parameter, if proper sessions were not otherwise needed for a site, though sessions do provide better security even if they aren't used for anything else.

Tables

  • "K" indicates Primary Key fields
  • "#" indicates autonumbered fields

Main data tables

  • users -- users with access to the admin system
#K ID int(4)
Name varchar(32)
Pass text
Email varchar(128) email address for password confirmation and such
WhenGood timestamp when user last logged in
WhenBad timestamp when user last attempted to log in but failed (bad password)
QtyFails int(4) number of failed login attempts since last success
  • groups -- each group has a role to play, and each role requires a particular set of privileges
#K ID int(4)
Name varchar(32)
Descr text text describing the purpose of this group
  • privs -- particular privileges; meaning is defined in code
#K ID int(4)
Name varchar(32)
Descr text text describing this permission

Collection/link tables

  • users_x_groups -- users in each group / groups to which each user belongs
K ID_User int(4) users.ID
K ID_Group int(4) groups.ID
  • groups_x_privs -- privileges each group has / groups having a particular privilege
K ID_Group int(4) groups.ID
K ID_Priv int(4) privs.ID

Activity tables

sessions

shopping sessions

K# ID int(4)
Cookie text session-ID cookie (at least 32 128 bits of random data)
User int(4) users.ID of authenticated user (logged in with password); NULL = no user, or not authenticated
Remote_Client text browser user_agent string
Remote_Host text remote host domain info (reverse lookup), if any
Remote_Addr int(4) remote host IP address
Remote_Key text remote address or host domain plus user_agent - for quick search of userless sessions
WhenStarted timestamp when session was started
WhenLastAct timestamp timestamp of last activity on this session
WhenExpires timestamp when this session will expire; NULL=never (see HyperAdmin Sessions)
WhenExpired timestamp when this session was actually expired (see Rules below)

Rules:

  • if same user connects with new session, any existing sessions are automatically deactivated
  • sessions.WhenExpired can be NULL even after WhenExpires if session is never accessed after WhenExpires and same user does not ever reconnect

events

logs of login attempts as well as what users did while logged in

K# ID int(4)
ID_User int(4) users.ID - which user, if any (NULL = unknown user)
ID_Session int(4) sessions.ID - more information in case user is unknown
When timestamp when this action was taken
Seq int(4) Order in which actions were executed, if done at the same time
Type text(8) short code for event type - [event_types] table (to be designed)
Descr text description of action taken (should be very specific)