Tokens can be exposed via the URL when viewing their detail page via the admin #445

Open
alextreme opened this issue Sep 10, 2024 · 0 comments
@alextreme
Member

Thema / Theme

Admin

Omschrijving / Description

DH Taiga 589

When browsing the admin and viewing the detail page of a tokenauth (/admin/token/tokenauth/), the authentication token is shown in the URL, as it is also used as the primary key. This has risks due to web server logs/gateway logs.

I'd recommend always using the default 'id' as primary key, or a separate uuid-field unrelated to credentials, because of this risk.

Toegevoegde waarde / Added value

No response

Aanvullende opmerkingen / Additional context

No response
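
The exposure described in this issue can be checked for in access logs that already exist. The following is an added example, not code from the project or from the issue author: it flags and redacts admin object URLs under `/admin/token/tokenauth/` whose primary key is neither an integer id nor a hyphenated UUID. Assumptions: the admin uses the Django admin URL layout (`<pk>/change/`, `<pk>/delete/`, `<pk>/history/`), logs are in combined log format, and the function names, host name and token value are constructed for illustration.

```python
import re

# Path prefix taken from the issue; the <pk>/<action>/ suffix is the
# Django admin object URL layout (assumed, see lead-in).
ADMIN_OBJ_URL = re.compile(
    r'(/admin/token/tokenauth/)([^/\s?"]+)(/(?:change|delete|history)/)'
)
# Primary keys that carry no credential: an integer id or a hyphenated UUID.
SAFE_PK = re.compile(
    r"^(?:\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.I,
)

def exposed_keys(line):
    """Return primary keys in this log line that are not an id or a UUID."""
    return [m.group(2) for m in ADMIN_OBJ_URL.finditer(line)
            if not SAFE_PK.match(m.group(2))]

def redact(line):
    """Mask credential-like keys in the request path and in the Referer."""
    def _sub(m):
        if SAFE_PK.match(m.group(2)):
            return m.group(0)
        return m.group(1) + "[REDACTED]" + m.group(3)
    return ADMIN_OBJ_URL.sub(_sub, line)

def scan(lines):
    """Return (line_number, key) for every credential-like key found."""
    return [(n, k) for n, line in enumerate(lines, 1)
            for k in exposed_keys(line)]

# Constructed sample lines; the token value is made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2024:09:12:01 +0000] "GET /admin/token/tokenauth/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Sep/2024:09:12:07 +0000] "GET /admin/token/tokenauth/EXAMPLEtoken0123456789abcdef/change/ HTTP/1.1" 200 7301 "https://example.test/admin/token/tokenauth/" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Sep/2024:09:12:30 +0000] "GET /admin/jsi18n/ HTTP/1.1" 200 3342 "https://example.test/admin/token/tokenauth/EXAMPLEtoken0123456789abcdef/change/" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Sep/2024:09:13:02 +0000] "GET /admin/token/tokenauth/17/change/ HTTP/1.1" 200 7290 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, key in scan(SAMPLE_LOG):
        # Report the length only, so the scanner does not re-log the token.
        print(f"line {n}: credential-like key in admin URL ({len(key)} chars)")
    for line in SAMPLE_LOG:
        print(redact(line))
```

The third sample line shows the token reaching the log through the Referer header of a follow-up request, so redaction has to cover the whole line rather than only the request path.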
