...

  1. Should we require user authentication to invoke managed operations from the command line?
    1. These operations do not go through the client, so we would have to either a) create a special JMX hook into the server-based authentication scheme or b) create a separate authentication scheme for managed operations.
  2. How should we hash passwords?
    1. Do we need a master serverKey hash? How is this generated and where is it stored?
      1. No. This doesn't add any security, since the master password would be stored in the prefs file and would therefore be accessible to anyone with access to the server. We could encrypt the master password, but then we'd need to rely on the MAC address, which can change, and we'd have to rehash every password if the master key ever changed. All of this adds complexity that isn't a good tradeoff, since we don't actually end up with any additional security.
    2. Do we need salt per user?
      1. Yes. Choose a random salt per user and store that alongside the password.
    3. Which hash algorithm should we use?
      1. SHA-512
  3. Do we need to associate a fingerprint (IP address, etc.) with each AccessToken?
    1. How would we get this info server side? Does the client need to pass it along when logging in?
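
The answers under question 2 (a random salt per user, stored alongside the password, hashed with SHA-512) can be sketched as follows. This is an added example, not code from the project: the class name, method names, 16-byte salt length and the `salt:hash` Base64 record layout are assumptions, and Java is assumed because the page refers to JMX.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: class, method and record-format names are hypothetical.
public class SaltedPasswordHash {
    private static final int SALT_BYTES = 16;           // assumed salt length
    private static final SecureRandom RNG = new SecureRandom();

    // SHA-512 over salt || UTF-8 password bytes.
    static byte[] digest(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        md.update(new String(password).getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // Produces the value stored for one user: "<base64 salt>:<base64 hash>".
    static String createRecord(char[] password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);                             // fresh random salt per user
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(digest(salt, password));
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    static boolean verify(String record, char[] candidate) throws NoSuchAlgorithmException {
        String[] parts = record.split(":", 2);
        if (parts.length != 2) return false;             // malformed record
        try {
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            return MessageDigest.isEqual(expected, digest(salt, candidate));
        } catch (IllegalArgumentException e) {
            return false;                                // not valid Base64
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray(); // constructed sample
        String alice = createRecord(pw);
        String bob = createRecord(pw);
        System.out.println("same password, different records: " + !alice.equals(bob));
        System.out.println("correct password verifies: " + verify(alice, pw));
        System.out.println("wrong password rejected: " + !verify(alice, "guess".toCharArray()));
    }
}
```

A single SHA-512 pass is fast to compute, so offline guessing against a copied password store is cheap. `PBKDF2WithHmacSHA512` through `SecretKeyFactory` keeps the same salt-plus-hash record while adding an iteration count.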

...