Tokens can be exposed via the URL when viewing their detail page via the admin #445

Open
alextreme opened this issue Sep 10, 2024 · 2 comments

@alextreme
Member

Thema / Theme

Admin

Omschrijving / Description

DH Taiga 589

When browsing the admin and viewing the detail page of a tokenauth (/admin/token/tokenauth/), the authentication token is shown in the URL, as it is also used as the primary key. This has risks due to web server logs/gateway logs.

I'd recommend always using the default 'id' as primary key, or a separate UUID field unrelated to credentials, because of this risk.

Toegevoegde waarde / Added value

No response

Aanvullende opmerkingen / Additional context

No response
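
One way to audit existing access logs for keys already exposed this way, so the affected tokens can be rotated (an added example, not part of the issue or the project's code). It assumes combined-format access logs, Django's standard `<pk>/change/` admin URL shape, and that any key which is neither an integer id nor a UUID should be treated as a credential; the sample log lines and token value are constructed.

```python
import re
from urllib.parse import urlsplit

# Path prefix from the issue; "<pk>/change/" (also delete/history) is the
# standard Django admin detail URL shape.
ADMIN_DETAIL = re.compile(
    r"^/admin/token/tokenauth/(?P<pk>[^/]+)/(?:change|delete|history)/$")
# Assumption: combined log format with a quoted request line.
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
UUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample lines; the token value is a placeholder, not a real one.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2024:09:14:02 +0000] '
    '"GET /admin/token/tokenauth/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2024:09:14:09 +0000] '
    '"GET /admin/token/tokenauth/EXAMPLE0token0not0real/change/ HTTP/1.1" 200 7311',
    '203.0.113.7 - - [10/Sep/2024:09:15:40 +0000] '
    '"GET /admin/token/tokenauth/17/change/ HTTP/1.1" 200 7290',
]


def exposed_pk(log_line):
    """Return the key in an admin detail URL unless it is an integer id or UUID."""
    request = REQUEST_LINE.search(log_line)
    if not request:
        return None
    detail = ADMIN_DETAIL.match(urlsplit(request.group("target")).path)
    if not detail:
        return None
    pk = detail.group("pk")
    # Surrogate keys (auto-increment id, UUID) carry no credential material.
    return None if pk.isdigit() or UUID.match(pk) else pk


def audit(lines):
    """Return (keys to rotate, copy of the lines with those keys redacted)."""
    to_rotate, redacted = set(), []
    for line in lines:
        pk = exposed_pk(line)
        if pk:
            to_rotate.add(pk)
            # Replace every occurrence: a Referer field can repeat the URL.
            line = line.replace(pk, "[REDACTED]")
        redacted.append(line)
    return sorted(to_rotate), redacted
```

Calling `audit(SAMPLE_LOG)` returns the list of keys to rotate and a redacted copy of the log; the same check applies to gateway and proxy logs that record the request path.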

@alextreme
Member Author

Discussed, estimated at 1 day max to implement the suggested change

@PeterVanBragt: ready for approval.

@alextreme alextreme moved this from Triage to Waiting for approval in Data en API fundament Nov 19, 2024
@PeterVanBragt

Approved

@alextreme alextreme moved this from Waiting for approval to Todo in Data en API fundament Nov 19, 2024