Webito

A simple HTTP-based server API backed by persistent storage

Simple Architecture

  • Server using a MongoDB database for persistent storage
  • Providing simple services: user registration, user login/logout, and displaying a user's login timestamps to that user only
  • Not scalable


Simple, but providing minimal security at several levels

  • Plaintext passwords are never stored
  • Prevents common HTTP-based attacks
  • Access to resources limited to entitled users


No CSS, so the interface is minimal

Passwords

  • Hashed on the server side
  • Salted
  • Key stretching: bcrypt

Preventing common attacks

  • Sidejacking (session hijacking over the network) prevented by using HTTPS
  • Cookie forgery: cookies are protected with a secret key
  • Cross-Site Request Forgery: countered with the tools Flask provides
  • Replay attacks: cookies expire after a timeout
  • The appropriate security level depends on the use case
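The two sections above (salted, stretched password hashes; cookies protected with a secret key and expiring after a timeout) in one self-contained sketch. This is an added example, not Webito's own code: it uses only the Python standard library, so hashlib.scrypt stands in for the bcrypt the project uses, and the HMAC-signed token stands in for the Flask session cookie; the secret key, timeout and user names are constructed for the demo.

```python
import base64, binascii, hashlib, hmac, json, os, time

# Constructed for this demo: a real deployment loads the key from configuration.
SECRET_KEY = os.urandom(32)
SESSION_TIMEOUT = 600  # seconds; the "timeout on the cookies" that defeats replays
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # work factor (stand-in for bcrypt's cost)


def hash_password(password: str) -> dict:
    """Server-side hash with a random per-user salt and key stretching."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}  # only this is stored


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt; constant-time compare of the digests."""
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(record["salt"]),
                            **SCRYPT_PARAMS)
    return hmac.compare_digest(digest.hex(), record["hash"])


def issue_cookie(username: str, now=None) -> str:
    """Cookie = base64(payload).base64(HMAC): readable, but not forgeable."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"user": username, "iat": issued}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    body = base64.urlsafe_b64encode(payload).decode()
    return f"{body}.{base64.urlsafe_b64encode(sig).decode()}"


def verify_cookie(cookie: str, now=None):
    """Return the username, or None if the cookie is malformed, forged or expired."""
    try:
        payload_b64, sig_b64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # signature mismatch: payload was tampered with or forged
    data = json.loads(payload)
    if (time.time() if now is None else now) - data["iat"] > SESSION_TIMEOUT:
        return None  # too old: a replayed cookie is rejected
    return data["user"]
```

Signing stops a client from changing the user name inside the cookie, but the payload is still readable, which is why the cookie must also travel over HTTPS only.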


To add

Depending on the use case, force the user to reset his password every X months

Client-side field validation: stricter requirements on the password content, username, ...

User account e-mail activation

By Adrien Duffy-coissard