Question regarding the security of tokens

Created on 6 November 2024, about 2 months ago

Hey everyone,

I'm not sure if this question is appropriate for an issue; feel free to let me know if it’s okay or if I should use another communication channel.

I have a question regarding the security of tokens. My use case requires non-exposable tokens, and after reviewing the UI, code, and database, I noticed that tokens are stored as plain text in the database, as well as in the feed type settings.

First, could you explain the reasoning behind this design choice? Are there any current or future plans for making the tokens non-exposable, perhaps by implementing a hashing process?

Additionally, I’m wondering if making the tokens non-viewable would even help, considering they can technically be accessed by inspecting the response header in an HTTP GET request.

Just to clarify, I'm not trying to criticize anyone’s work—I'm genuinely interested in gaining a deeper understanding of this topic.

💬 Support request

Status: Active
Version: 2.0
Component: Code
Created by: Istari (🇩🇪 Germany)
