Auth Tokens should not be stored in plain text #9765
Unanswered
profhase
asked this question in
Potential Issue
Replies: 0 comments
An auth token for the API is the same as a password for a user.
IMHO it should not be saved in plain text in the database, but rather as a hash (similar to passwords).
I know that there are other apps that provide that; I think that the minimal implementation that DRF delivers should be secure (or not be offered), as it is easily used in production, causing security flaws.
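The storage scheme the post asks for, as an added example that is not part of the original post and is not DRF's code: only a SHA-256 digest of each token is stored, and a presented token is hashed before lookup. The `auth_token` table, the function names and the in-memory SQLite store are assumptions; a fast hash is used rather than a slow password hash because the tokens here are 256-bit random values, and a deterministic digest keeps the lookup indexable.

```python
import hashlib
import secrets
import sqlite3


def token_digest(token: str) -> str:
    """Digest stored in place of the token (hypothetical helper)."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def open_store() -> sqlite3.Connection:
    """In-memory database standing in for the application's token table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE auth_token (digest TEXT PRIMARY KEY, user_id INTEGER NOT NULL)"
    )
    return db


def issue_token(db: sqlite3.Connection, user_id: int) -> str:
    """Create a token, persist only its digest, return the plaintext once."""
    token = secrets.token_urlsafe(32)  # 32 random bytes = 256 bits
    db.execute(
        "INSERT INTO auth_token (digest, user_id) VALUES (?, ?)",
        (token_digest(token), user_id),
    )
    db.commit()
    return token  # handed to the client; never written to the database


def authenticate(db: sqlite3.Connection, presented: str):
    """Return the user id for a presented token, or None if it is unknown."""
    row = db.execute(
        "SELECT user_id FROM auth_token WHERE digest = ?",
        (token_digest(presented),),
    ).fetchone()
    return row[0] if row else None


def revoke(db: sqlite3.Connection, presented: str) -> None:
    """Delete the row that matches the presented token."""
    db.execute("DELETE FROM auth_token WHERE digest = ?", (token_digest(presented),))
    db.commit()


def stored_values(db: sqlite3.Connection) -> list:
    """What someone with read access to the table would see."""
    return [r[0] for r in db.execute("SELECT digest FROM auth_token")]
```

Because the plaintext is returned only at issue time, a lost token cannot be shown again and has to be replaced with a new one.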