
File-based authentication

Problem Statement

Hazaar MVC currently lacks a secure and robust file-based authentication mechanism. Although an htpasswd adapter exists, its security may not meet current standards and best practices.

Who will benefit?

This feature will benefit developers and administrators who require a file-based authentication method for Hazaar MVC applications, offering an alternative to Model, Database, OAuth2, and OpenID authentication methods.

Benefits and risks

Benefits

  • Provides a simple and easy-to-implement authentication method.
  • Reduces reliance on external authentication providers.
  • Suitable for small-scale applications or development environments.
  • Enhances flexibility in authentication methods offered by Hazaar MVC.

Risks

  • Potential security vulnerabilities if not implemented correctly.
  • May require additional security measures such as encryption and secure storage of authentication files.
  • Updates to documentation and training materials will be necessary.

Proposed solution

Enhance the existing htpasswd adapter to meet current security standards by:

  • Implementing strong hashing algorithms (e.g., bcrypt) for password storage.
  • Ensuring secure storage and access controls for the authentication file.
  • Adding support for password complexity requirements and expiration policies.

If the htpasswd adapter is deemed insufficient, create a new file-based authentication adapter with these features.
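As an added illustration of the bcrypt-based htpasswd handling proposed above (example code written for this page, not Hazaar MVC's own adapter), the sketch below reads an htpasswd-format file, accepts only bcrypt entries, verifies with PHP's password_verify(), and flags hashes whose cost falls below the current policy. The temporary file path and the constructed sample entries are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: htpasswd-style verification restricted to bcrypt ($2y$) entries.
// Apache's "htpasswd -B" writes the same $2y$ format that PHP's password_hash() produces.

/** Parse "user:hash" lines; skip blanks, comments and entries not using bcrypt. */
function loadHtpasswd(string $path): array
{
    $users = [];
    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if ($line[0] === '#' || !str_contains($line, ':')) {
            continue;
        }
        [$user, $hash] = explode(':', $line, 2);
        // Reject legacy formats (plain crypt(), {SHA}, $apr1$ MD5) instead of accepting weak hashes.
        if (password_get_info($hash)['algoName'] !== 'bcrypt') {
            error_log("htpasswd: skipping non-bcrypt entry for '$user'");
            continue;
        }
        $users[$user] = $hash;
    }
    return $users;
}

/** Verify credentials; unknown users still cost one bcrypt check so timing does not reveal them. */
function authenticate(array $users, string $user, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_BCRYPT, ['cost' => 12]);
    $hash = $users[$user] ?? $dummy;
    return password_verify($password, $hash) && isset($users[$user]);
}

// Constructed sample file (assumption): one bcrypt entry and one legacy entry that is skipped.
$tmp = tempnam(sys_get_temp_dir(), 'htpasswd');
file_put_contents($tmp, implode("\n", [
    '# users',
    'alice:' . password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]),
    'bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=',
]) . "\n");
chmod($tmp, 0600); // the file should be readable only by the application user

$users = loadHtpasswd($tmp);
var_dump(authenticate($users, 'alice', 'correct horse'));
var_dump(authenticate($users, 'alice', 'wrong'));
var_dump(authenticate($users, 'bob', 'password'));
// Upgrade path: report whether the stored hash should be regenerated at a higher cost on next login.
var_dump(password_needs_rehash($users['alice'], PASSWORD_BCRYPT, ['cost' => 13]));
unlink($tmp);
```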

Examples

  • Apache's htpasswd utility with bcrypt for secure password storage.
  • Django's file-based user authentication system for development environments.

Priority/Severity

  • High (This will bring a huge increase in performance/productivity/usability/legislative cover)
  • Medium (This will bring a good increase in performance/productivity/usability)
  • Low (anything else e.g., trivial, minor improvements)