Skip to content

Hash tokens in SubjectRepo #191

New issue
New issue
Open
Open
Hash tokens in SubjectRepo#191
Assignees
giusdpmattrent
Labels
bugSomething isn't working
@mattrent

Description

@mattrent
mattrent
opened on Mar 21, 2023

API Tokens are currently stored in plaintext, which creates a security vulnerability. We should hash the tokens in the DB, and use those when authenticating the requests.

Additional modifications needed:

  • Guest and Admin tokens must be communicated once (and not saved in an external persistent file)
  • /subjects endpoint should not return the tokens (neither hashed nor plaintext)

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions