
Conversation

@Vianpyro (Member)

Brief Description of Changes

This pull request enhances user authentication security by introducing hashed email-based login. Instead of retrieving and decrypting every email in the person table to find a match, the system now uses a hashed email for authentication. Additionally, emails are stored in an encrypted format to protect user data in case of a database breach.

Detailed Changes

  1. Updated person table structure:
    • Replaced email column with hashed_email and encrypted_email.
    • hashed_email is used for login comparisons, avoiding the need to decrypt stored emails during authentication.
    • encrypted_email is stored to ensure emails remain secure in case of a data breach.

Before:

CREATE OR REPLACE TABLE person (
    person_id INT AUTO_INCREMENT PRIMARY KEY,
    person_name VARCHAR(100) UNIQUE,
    email VARCHAR(100) UNIQUE,
    hashed_password VARCHAR(100),
    registration_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    last_login TIMESTAMP NULL,

After:

CREATE OR REPLACE TABLE person (
    person_id INT AUTO_INCREMENT PRIMARY KEY,
    person_name VARCHAR(100) UNIQUE,
    hashed_email VARCHAR(255) UNIQUE,
    encrypted_email VARCHAR(255) UNIQUE,
    hashed_password VARCHAR(100),
    registration_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    last_login TIMESTAMP NULL,

Objective of Changes

  • Enhances security by preventing direct email storage in plaintext.
  • Improves login efficiency by allowing direct hash comparisons instead of decrypting all emails.
  • Protects user email data in the event of a database compromise.

Verification Steps

  1. Register a new user and ensure both hashed_email and encrypted_email are stored correctly.
  2. Attempt login using an email to verify that authentication works as expected.
  3. Ensure that a direct database query does not reveal plaintext emails.
  4. Run tests to confirm existing functionality remains unaffected.

Notes for Reviewer

  • Focus on the security aspects of hashing and encryption implementation.
  • Verify that the new authentication method does not introduce performance bottlenecks.
  • Ensure backwards compatibility if applicable.
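The two-column scheme the description relies on, shown as an added example written for this page in Go's standard library; it is not code from the pull request or the repository, whose language and storage layer are not visible here. hashed_email is computed as HMAC-SHA-256 of the lower-cased, trimmed address under a server-side key (a bare SHA-256 would let whoever dumps the table recover addresses offline from a dictionary of likely emails), encrypted_email is AES-256-GCM with a random nonce, and login is one equality lookup on hashed_email that decrypts nothing. The key values, the normalisation rule and the in-memory Store are assumptions; the check against hashed_password is outside the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Placeholder keys for this example (an assumption, not project values); a real
// deployment loads both from a secret store or KMS, never from source control.
var (
	emailIndexKey = []byte("example-32-byte-hmac-key-for-idx")
	emailEncKey   = []byte("example-32-byte-aes-256-enc-key!") // AES-256 needs 32 bytes
)

// HashEmail is the hashed_email lookup key: HMAC-SHA-256 of the lower-cased, trimmed
// address under a server-side key, so the same mailbox always maps to the same row and
// a dumped table cannot be matched offline against a dictionary of likely emails.
func HashEmail(email string) string {
	mac := hmac.New(sha256.New, emailIndexKey)
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(email))))
	return hex.EncodeToString(mac.Sum(nil))
}

func newGCM() (cipher.AEAD, error) {
	block, err := aes.NewCipher(emailEncKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptEmail is encrypted_email: AES-256-GCM, random nonce prepended to the ciphertext.
func EncryptEmail(email string) (string, error) {
	gcm, err := newGCM()
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := []byte(strings.ToLower(strings.TrimSpace(email)))
	return hex.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// DecryptEmail reverses EncryptEmail; the GCM tag rejects a row altered in the database.
func DecryptEmail(enc string) (string, error) {
	gcm, err := newGCM()
	if err != nil {
		return "", err
	}
	raw, err := hex.DecodeString(enc)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", errors.New("malformed encrypted_email")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", err // wrong key or tampered ciphertext: authentication tag failed
	}
	return string(pt), nil
}

// Store stands in for the person table: hashed_email -> encrypted_email.
type Store map[string]string

// Register inserts a row; the HMAC index rejects a duplicate address whatever its casing.
func (s Store) Register(email string) (hashed, encrypted string, err error) {
	hashed = HashEmail(email)
	if _, exists := s[hashed]; exists {
		return "", "", errors.New("email already registered")
	}
	if encrypted, err = EncryptEmail(email); err != nil {
		return "", "", err
	}
	s[hashed] = encrypted
	return hashed, encrypted, nil
}

// LookupForLogin is the hot path the PR describes: one equality lookup on hashed_email,
// no decryption of any row. The check against hashed_password would follow it.
func (s Store) LookupForLogin(email string) (encryptedEmail string, found bool) {
	encryptedEmail, found = s[HashEmail(email)]
	return
}

func main() {
	s := Store{}
	h, e, err := s.Register("Alice@Example.com")
	if err != nil {
		panic(err)
	}
	_, ok := s.LookupForLogin("  alice@example.com ")
	fmt.Printf("hashed_email=%s\nencrypted_email=%s\nlogin lookup matched: %v\n", h, e, ok)
}
```

Two consequences worth checking in review follow from this design. Because the nonce is random, encrypting the same address twice yields different ciphertexts, so a UNIQUE constraint on encrypted_email enforces nothing useful and the uniqueness guarantee has to sit on hashed_email. And because both columns depend on a key, rotating either key means re-hashing or re-encrypting every row, so the index key needs the same protection and rotation plan as the encryption key.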

@Vianpyro added the labels good first issue, complexity: experimental (Tasks exploring untested tools or approaches for infrastructure or deployment), priority: blocker (Tasks that completely block other work and need immediate resolution), status: completed (Fully implemented and verified) and type: security (Issues or improvements related to app security) on Mar 29, 2025
@Vianpyro Vianpyro self-assigned this Mar 29, 2025
@Vianpyro Vianpyro merged commit f6c94d1 into main Mar 30, 2025
8 checks passed
@Vianpyro Vianpyro deleted the security/hash_email branch March 30, 2025 15:47