1

I want to cache the results of an authentication function using the cache.memoize decorator.

However, the authentication function takes a username and password as arguments, and I need to maintain security.

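from flask_cache import Cache

cache = Cache(config={'CACHE_TYPE': 'filesystem'})

# memoize is a decorator factory, so it has to be called
@cache.memoize()
def authenticate(username, password):
    # some logic
    return True  # or False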

Is Flask-Cache's filesystem cache secure? Is there a way to set ownership/permissions on the flask cache's files through the module?

steve

1 Answer

1

Storing a raw password anywhere for a period of time sounds like a bad idea.

Depending on how you are checking your password, and where the bottleneck is, you could cache the password hash, then just check against this.

For example, if you stored a password hash in a database and the retrieval was the bottleneck:

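def authenticate(username, password):
    # Only the stored hash comes from the cache; the password is never a cache key
    password_hash = get_password_hash(username)
    return check_password(password, password_hash)

# memoize is a decorator factory, so it has to be called
@cache.memoize()
def get_password_hash(username):
    # The slow database lookup is what gets cached, keyed on the username alone
    return retrieve_hash_from_database(username)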
emorris
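Added example, not part of the question or the answer above: the two caching patterns side by side, showing what each leaves in the cache and what happens after a password change. The `memoize` decorator, the `CACHE` and `USERS` dictionaries and all helper names are constructed stand-ins using only the standard library; Flask-Cache's own key derivation and file format are not reproduced here.

```python
import hashlib
import hmac
import os

CACHE = {}  # stand-in for the cache backend (files on disk for 'filesystem')
USERS = {}  # constructed user table: username -> (salt, derived key)

def memoize(func):
    # Simplified stand-in for cache.memoize: key = function name + arguments.
    def wrapper(*args):
        key = (func.__name__,) + args
        if key not in CACHE:
            CACHE[key] = func(*args)
        return CACHE[key]
    return wrapper

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(record, password):
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(derive(password, salt), stored)

def set_password(username, password):
    salt = os.urandom(16)
    USERS[username] = (salt, derive(password, salt))
    # Evict the cached hash, as cache.delete_memoized would in Flask-Cache.
    CACHE.pop(("get_password_hash", username), None)

@memoize
def authenticate_memoized(username, password):
    # Question's pattern: the password is an argument, so it is part of the key.
    return verify(USERS.get(username), password)

@memoize
def get_password_hash(username):
    # Answer's pattern: only the lookup is cached, keyed on username alone.
    return USERS.get(username)

def authenticate(username, password):
    return verify(get_password_hash(username), password)

def cache_mentions(secret):
    blobs = [b"".join(v) for v in CACHE.values() if isinstance(v, tuple)]
    return any(secret in k for k in CACHE) or any(secret.encode() in b for b in blobs)
```

Caching the verdict also means an old password keeps being accepted after a change, because the entry to evict is keyed on a password the server no longer knows; caching only the hash leaves a single per-user entry to invalidate.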