
tex: add more stuff on architecture

leo 2023-05-25 11:38:15 +02:00
parent f92dc70fa7
commit a0384f18d8
Signed by: wanderer
SSH Key Fingerprint: SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ

@ -821,12 +821,14 @@ package to prevent accidental imports.
The authentication logic is relatively simple and the author would like to
isolate it into a custom \emph{middleware}. User passwords are hashed using a
secure KDF before being sent to the database and no raw queries are used to
access the database, helping prevent SQL injection attacks. The KDF used is
\texttt{bcrypt} but the author plans to add support for the more modern
\texttt{scrypt}or the state-of-the-art, P-H-C (Password Hashing Competition)
secure KDF before being sent to the database. The KDF used is \texttt{bcrypt}
(with a sane \emph{Cost} of 10), which automatically includes \emph{salt} for
the password. The author plans to add support for the more modern
\texttt{scrypt} and the state-of-the-art, P-H-C (Password Hashing Competition)
winner algorithm \texttt{Argon2}
(\url{https://github.com/P-H-C/phc-winner-argon2}).
(\url{https://github.com/P-H-C/phc-winner-argon2}). Besides, no raw queries are
used to access the database, helping decrease the likelihood of SQL injection
attacks.
An important thing to mention is embedded assets and templates. Go has multiple
mechanisms to natively embed arbitrary files directly into the binary during
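Review bot: The added clause "(with a sane \emph{Cost} of 10), which automatically includes \emph{salt} for the password" asserts that the cost is sane without saying why, and "includes salt" is imprecise. Suggest stating what the parameter means (bcrypt's cost is the base-2 logarithm of the number of key-expansion rounds, so 10 means 2^10 rounds) and that a random salt is generated for each password and stored inside the resulting hash string, e.g. "which generates a random per-password \emph{salt} and stores it as part of the hash". Minor: "Besides," at the start of the SQL injection sentence reads as an afterthought; "Additionally," or a new paragraph would suit the register better, and "helping decrease the likelihood" could say that the queries are parameterised if that is what "no raw queries" means here.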
@ -858,8 +860,10 @@ The application constructs the web pages entirely server-side and it runs
without a single line of JavaScript, of which the author is especially proud.
It improves load times, decreases attack surface, increases maintainability and
reduces cognitive load that is required when dealing with JavaScript. Of course
that requires extensive usage of \texttt{POST}s in forms and frequent full-page
refreshes, but that still is not enough to warrant the use of JavaScript.
that requires extensive usage of non-semantic \texttt{POST}s in forms even for
updates (where \texttt{PUT}s should be used) and the accompanying frequent
full-page refreshes, but that still is not enough to warrant the use of
JavaScript.
As an aside, the author has briefly experimented with WebAssembly for this
project, but has ultimately scrapped the functionality in favour of the
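Review bot: The added wording "non-semantic \texttt{POST}s in forms even for updates (where \texttt{PUT}s should be used)" leaves out the reason for the limitation: HTML forms can only submit with GET or POST, so without JavaScript the browser cannot issue a PUT. One clause saying so would make the trade-off clear to the reader. Since the same paragraph claims a decreased attack surface while every state change goes through a form POST, a sentence or cross-reference on how those forms are protected against CSRF would also belong here.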