voting's People
Forkers
maxmeng-devvoting's Issues
Vulnerabilities fixing
Which file can I change to fix vulnerabilities? In SecurityConfiguration.java ?
Spring: class file has wrong version 61.0, should be 55.0
When I tried to run VotingApplication.java, It shows:
There is a similar problem in Stack Overflow:
https://stackoverflow.com/questions/74648576/spring-class-file-has-wrong-version-61-0-should-be-55-0
Maybe we can find a solution and/or add this to D. Common Issues.
Need for Implementation of Password Salting for Enhanced Security
Issue Description
Currently, our project's database stores user passwords without implementing a salting process. This approach poses several security risks which could compromise user data. I'd like to highlight the importance of adding a unique salt to each password before hashing and storing them.
Risks of Not Salting Passwords
-
Vulnerability to Rainbow Table Attacks: Without salting, the same passwords across different accounts generate identical hash values. This consistency makes our system susceptible to rainbow table attacks, where precomputed hash tables are used to reverse-engineer passwords.
-
Password Reuse Risk: In our current setup, if two users have the same password, their hash values in the database will also be the same. Consequently, if one account's password is compromised, it jeopardizes any account with a matching password hash.
-
Simplicity in Cracking Common Passwords: Unsalted passwords, especially those that are common or simple, can be easily cracked using dictionary attacks, as their hash values are predictable and often precomputed.
Proposed Solution
To mitigate these risks, I propose the implementation of a salting mechanism. This involves generating a unique, random salt for each user's password. The salt is then concatenated with the password before hashing. This process ensures that even identical passwords will produce unique hash values, significantly enhancing our system's security against various types of password-related attacks.
Expected Benefits
- Increased Security Against Precomputed Hash Attacks: Salting passwords makes precomputed hash attacks, like rainbow tables, ineffective.
- Protection Against Password Reuse Attacks: Unique salts ensure that identical passwords generate different hash values, securing accounts even in cases of password reuse.
- Resilience Against Dictionary Attacks: Adding random salts to passwords before hashing makes it impractical to use dictionary attacks, as it would require generating a new set of precomputed hashes for each user.
I believe addressing this issue should be a priority to ensure the security of our users' data. Implementing salting will be a significant step towards strengthening our application's overall security posture.
Prevent X-XSS attacks
I'm not sure if it is working or not?
Is this a way to defend CSRF attack?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.