PingAM 8.0.0

Security considerations

This section describes the security best practices you should implement when developing authentication nodes in AM.

Store sensitive data in secrets

When developing nodes that include sensitive data such as passwords and encryption keys, make sure the data is secured:

  • Use secret stores for sensitive data, such as passwords and encryption keys. Never store them directly in configuration or expose them in scripts.

    Learn more in Secret stores.

  • Store secrets using secure state. You can find information about secure state in Store values in shared tree state.

Update cryptography

Make sure you use well-known and trusted cryptographic libraries where appropriate.

Different algorithms and methods are discovered and tested over time, and communities of experts decide which are the most secure for different uses. Use up-to-date cryptographic methods and algorithms to generate keys.

Sanitize user input data

When developing nodes that accept user input data, sanitize the input data and remove any sensitive information, such as passwords, before using and storing the data. Don’t use unsanitized user input data for any purpose.

Where a node reads data from the shared state, always treat that data as user input data and sanitize accordingly.

Other considerations

  • If a node identifies a user before they sign in, make sure the node sets the identified identity on the node action using the withIdentifiedIdentity method.

    Learn more in Action fields and methods and Access an identity’s profile.

  • Consider what data is being set in shared state and how subsequent nodes will use it. Make sure the data can’t be used in unintended ways. For example, consider data such as usernames and authentication levels that could result in information disclosure or elevation of privilege.

    Where a node reads data from the shared state, always treat that data as user input data and sanitize accordingly.

  • Make sure you don’t expose any sensitive information in your logs. For example, don’t log any plaintext secrets or personally identifiable information (PII).