[Security] Add "sudo mode" #33955
Comments
The reason I would like this is that it would make it more likely that it would be used 'by default' within apps, and it would raise the overall level of security likely to be implemented within apps based on Symfony. I would certainly use it, and while I have considered implementing it myself, I am nervous of doing things related to security without doing proper due diligence on them, so I've never yet found the time. Having a peer-reviewed implementation of this would make me much more likely to use it. The way I imagine it working could be having another AUTHENTICATED_ status (like
Thanks for recommending this 👍
@patrickvale has summed up my opinions as well as I could.
To me, a "sudo mode" is mostly an enhancement of the current "remember me" authentication system. This means that we could create a token with an expiration date, such as
The way I do something like that is by having some pages requiring
@stof There's also something: if somebody logs in using the password remembered by the web browser, they may not know the actual password, so I think a
@Pierstoval that's a good point - the ability to 'easily' add 2FA (e.g. SMS) would be very interesting for some use cases.
@quentinus95 mentioned in the 2FA issue an idea of "identity trust level" that can replace remember me, 2FA and sudo mode: #28868 (comment) I think that any modern version of the Security component (which we should achieve in Symfony 5) has to contain sudo mode and 2FA. Remember me in the current component is very complex and is stopping most changes in the component. So I would be very happy if we can continue thinking about this "identity trust level" and transfer it into a workable issue to see if it works (and if it has any downsides).
@wouterj as we have already reached the feature freeze schedule, a rework of the whole security component won't make it into the 5.0 release.
@Pierstoval sudo mode is not about having a second factor.
I know. When I talk about Symfony 5, I mean the 5.x lifecycle.
Also, some operations are so sensitive that the sudo mode should not stand for "recently", but rather for that one-time event only. For example, when sending money from my banking app, I have to use 2FA to confirm the payment. Then, when I submit another payment, I have to use 2FA again for the second payment, no matter how long ago the first payment was. This feature (both "one-time" and "recently") should be available in core because it is so easy to implement it wrong and the potential damage is too great.
Thank you for this suggestion.
I re-read this only the other day and I think, yes, it would be very useful. It's a very standard thing to verify that the person requesting a specific action is the real key holder, irrespective of how recently they logged in.
Oh yes, this is still relevant (there are concrete plans to integrate this in 5.3). I've added the Keep Open label to make sure it will not get auto-closed.
Are there any news on this?
I don't know, do you have any news?
I think there are no questions about "do we want it?". It's more like, "who wants to work on it?" As you know, features do not happen magically, and we need more volunteers to help. The core team is here to help if you have any questions about the implementation or anything else.
In the past, I've outlined some broad implementation ideas in #39308 (under "At some knowledge of authentication factors (sudo mode)")
Description
"Sudo mode" is a security feature which allows web applications to ask users to reenter their passwords before performing some critical task (unless they have reentered it "recently").
I asked around in the Symfony Slack and some people said that it'd be great to add this to Symfony core ... but others disagree, arguing that it's trivial to implement it yourself. So, let's discuss this feature. Thanks!
Example
GitHub for example uses it:
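As an added illustration of the mechanism described in this issue (the "recently re-entered" window from the description and the "one-time" variant raised in the comments), here is a framework-free PHP sketch. It is not Symfony code and not a proposed API: `SudoStore`, `ArraySudoStore` and `SudoMode` are hypothetical names, the in-memory store stands in for a server-side session bound to the authenticated user, and the password hash and timestamps are constructed demo values.

```php
<?php
declare(strict_types=1);

// Added example, not Symfony code. All class and method names are hypothetical.

interface SudoStore
{
    public function get(string $key): mixed;
    public function set(string $key, mixed $value): void;
    public function remove(string $key): void;
}

// In-memory stand-in for the server-side session (assumption: a real app would
// wrap the framework session here; the state must never live in a client-
// controlled cookie, otherwise the user could forge a confirmation).
final class ArraySudoStore implements SudoStore
{
    private array $data = [];
    public function get(string $key): mixed { return $this->data[$key] ?? null; }
    public function set(string $key, mixed $value): void { $this->data[$key] = $value; }
    public function remove(string $key): void { unset($this->data[$key]); }
}

final class SudoMode
{
    private const KEY = '_sudo_confirmed_at';

    public function __construct(
        private SudoStore $store,
        private int $ttlSeconds = 300, // how long a confirmation counts as "recent"
    ) {}

    // The user re-enters the password; a timestamp is recorded only on success.
    // Verifying against the stored hash (not a remembered login) is the whole
    // point: a "remember me" session alone must not unlock sensitive actions.
    public function confirm(string $submittedPassword, string $storedHash, int $now): bool
    {
        if (!password_verify($submittedPassword, $storedHash)) {
            return false;
        }
        $this->store->set(self::KEY, $now);
        return true;
    }

    // "Recently" mode: valid while the confirmation is younger than the TTL.
    // A timestamp in the future is rejected as well, so a corrupted value
    // cannot extend the window.
    public function isRecentlyConfirmed(int $now): bool
    {
        $at = $this->store->get(self::KEY);
        return is_int($at) && $at <= $now && ($now - $at) <= $this->ttlSeconds;
    }

    // "One-time" mode: the action that uses the confirmation spends it, so the
    // next sensitive action prompts again no matter how little time has passed.
    public function consume(int $now): bool
    {
        if (!$this->isRecentlyConfirmed($now)) {
            return false;
        }
        $this->store->remove(self::KEY);
        return true;
    }

    // Call on logout and on password change so a confirmation cannot outlive them.
    public function reset(): void
    {
        $this->store->remove(self::KEY);
    }
}

// Constructed demo data: a hash of a known password and a fixed clock.
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$sudo = new SudoMode(new ArraySudoStore(), ttlSeconds: 300);
$t0 = 1_700_000_000;

var_dump($sudo->isRecentlyConfirmed($t0));                               // nothing confirmed yet
var_dump($sudo->confirm('wrong password', $hash, $t0));                  // wrong password, no timestamp set
var_dump($sudo->confirm('correct horse battery staple', $hash, $t0));    // correct password
var_dump($sudo->isRecentlyConfirmed($t0 + 200));                         // inside the 5-minute window
var_dump($sudo->isRecentlyConfirmed($t0 + 600));                         // window has expired
var_dump($sudo->consume($t0 + 100));                                     // one-time use spends the confirmation
var_dump($sudo->consume($t0 + 101));                                     // second action must re-confirm
```

Two design points worth keeping even in a very different implementation: the controller guarding a sensitive action calls `isRecentlyConfirmed()` or `consume()` and redirects to the re-authentication form when it returns false, rather than trusting a flag set at login; and `reset()` is wired to logout and password change, because a confirmation that survives those events is the kind of subtle bug the thread's "easy to implement it wrong" remark refers to.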