cbSecurity
CommunitySlackSupport
v3.x
v3.x
  • 🔏Introduction
    • Release History
      • What's New With 3.4.0
      • What's New With 3.3.0
      • What's New With 3.2.0
      • What's New With 3.1.0
      • What's New With 3.0.0
    • Upgrade to 3.0.0
    • About This Book
      • Author
  • Getting Started
    • Installation
    • Overview
    • Configuration
      • 🔏Authentication
      • 🥸Basic Auth
      • 🙈CSRF
      • 🌐JWT
      • 🧱Firewall
        • DB Rules
        • JSON Rules
        • Model Rules
        • XML Rules
      • ☢️Security Headers
      • 🔬Visualizer
  • Usage
    • Authentication Services
    • Basic Authentication
    • Security Rules
    • Security Annotations
    • cbSecurity Model
      • Authentication Methods
      • Authorization Contexts
      • Blocking Methods
      • Securing Views
      • Utility Methods
      • Verification Methods
    • Secured URL
    • Interceptions
    • Cross Site Request Forgery
    • Delegates
    • Auth User
  • Security Validators
    • Auth Validator
    • BasicAuth Validator
    • CFML Security Validator
    • Custom Validator
  • JWT
    • JWT Services
    • JWT Validator
    • Refresh Tokens
    • Token Storage
    • JWT Interceptions
  • External links
    • Issue Tracker
    • Source code
    • Sponsor Us
Powered by GitBook
On this page
  • HashAlgorithm
  • HashIterations
  • Users

Was this helpful?

Edit on GitHub
Export as PDF
  1. Getting Started
  2. Configuration

Basic Auth

Configuration for basic authentication

PreviousAuthenticationNextCSRF

Last updated 2 years ago

Was this helpful?

The basicAuth key is used to store user credentials that will be used with and how the passwords are stored in memory.

/**
 * --------------------------------------------------------------------------
 * Basic Auth
 * --------------------------------------------------------------------------
 * These settings are used so you can configure the hashing patterns of the user storage
 * included with cbsecurity.  These are only used if you are using the `BasicAuthUserService` as
 * your service of choice alongside the `BasicAuthValidator`
 */
basicAuth : {
	// Hashing algorithm to use
	hashAlgorithm  : "SHA-512",
	// Iterates the number of times the hash is computed to create a more computationally intensive hash.
	hashIterations : 5,
	// User storage: The `key` is the username. The value is the user credentials that can include
	// { roles: "", permissions : "", firstName : "", lastName : "", password : "" }
	users          : {}
}

HashAlgorithm

This is the default algorithm used when hashing the user storage passwords in memory. The default is SHA-512

hashAlgorithm  : "SHA-256",

HashIterations

Iterates the number of times the hash is computed to create a more computationally intensive hash. The default is 5

hashIterations  : 10,

Users

This is the in-memory user storage system. It's a struct and each key represents a unique username in the storage system. Each user can then have the following attributes, but in reality, you can add as many attributes as you want.

  • password - The only mandatory attribute.

  • firstName

  • lastName

  • roles

  • permissions

users : {
    "lmajano" : { password : "test", permissions : "read,write",
    "guest" : { password : "guest", permissions : "read" }
}
🥸
Basic Authentication