Secure query access by password

artoor-b · November 17, 2024, 8:40pm

Hello,
I need something like password secured access to specific query.
I want to generate/create a password in order to secure access to specific forms.
Let’s say we have a list of users with emails and the password is delivered to them (password could have expiration date). User with password should be able to access the resource.
Is it possible to easy integrate this kind of functionality? Is there any option to send emails to users?
Maybe it’s not really necessary - is it better to leave this idea and use only allow/deny list of users (Internet Identity)?

Also I have general question:
Are messages/queries on ICP encrypted?

Severin · November 18, 2024, 10:18am

Native email is not supported, but maybe dmail (a project in ICP land) has some functionality for it?

Yes, you can check principals in query messages as well. I would go this route

Depends on what you’re exactly asking. TLS terminates at the boundary nodes, but AFAIK messages are encrypted when being transmitted between nodes. However, the nodes (including boundary nodes) themselves can see the messages

nirvana369 · November 20, 2024, 4:48am

You can use tweetnacl library to encrypt data, or other similar libraries to encrypt and decrypt between frontend and backend:

frontend : GitHub - dchest/tweetnacl-js: Port of TweetNaCl cryptographic library to JavaScript
backend : Mops • Motoko Package Manager

Topic		Replies	Views
Is encryption/decryption overkilled on ICP? Developers	1	98	September 25, 2024
My first simple application on IC, and a question about better options for hashing text data meant for storing temporary passwords Motoko	4	39	October 7, 2024
Query_blocks <-- ICP ledger Candid 🙌 Language Support Motoko	15	2386	April 13, 2023
How can I control access to content in ICP? Developers	4	109	October 4, 2024
Request for feedback: Query delegations Developers	12	818	February 28, 2022

Secure query access by password

Related topics