This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

Static tokens are not case sensitive #1928

Open
pzehle opened this issue Jun 12, 2020 · 2 comments
Labels
api bug Something isn't working

Comments

@pzehle

pzehle commented Jun 12, 2020

I have no idea if this is the right repo for this issue. I have a static token, I put it in the user in the database as explained in the docs, then when attempting to use it as Authorization: Bearer token, it does not check if the token is case sensitive or not. To reproduce, just use any token you want, and change a capital A for a small a, the check will pass and consider the token is correct.

Don't know if this is the right behavior, but I just wanted to point it out.

Latest version, Ubuntu.

Thanks!

@rijkvanzanten rijkvanzanten transferred this issue from another repository Jun 12, 2020
@rijkvanzanten
Member

Not sure if this was designed like this, but it feels like a bug to me. I personally think the token should be case sensitive. What do you think, @pzehle?

@rijkvanzanten rijkvanzanten added the bug Something isn't working label Jun 12, 2020
@pzehle
Author

pzehle commented Jun 12, 2020

@rijkvanzanten I totally agree. I feel like this is a bug, because you lower the security of a token to probably half when it is not case sensitive. If this is planned, then I would think this is not a good behavior.
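
Added example, not part of the thread and not the project's code: one way a token stored in a database column can match regardless of case, next to a check that requires a byte-exact match. The SQLite `NOCASE` collation, the table layout, the function names and the sample token are assumptions made for the illustration; the thread does not state the cause of the behavior.

```python
import hmac
import math
import sqlite3

# Constructed sample token; not a value from the issue.
STORED_TOKEN = "Ab3dEfGh1JkLmN0p"

def make_db(collation):
    """In-memory users table whose token column uses the given collation.
    `collation` is only ever a constant here (NOCASE or BINARY)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE users (id INTEGER PRIMARY KEY, token TEXT COLLATE {collation})")
    db.execute("INSERT INTO users (token) VALUES (?)", (STORED_TOKEN,))
    return db

def lookup_only(db, presented):
    """Weak check: trusts whatever the column collation considers equal."""
    row = db.execute("SELECT id FROM users WHERE token = ?", (presented,)).fetchone()
    return row is not None

def lookup_then_exact(db, presented):
    """Hardened check: after the lookup, require a byte-exact, constant-time match."""
    row = db.execute("SELECT token FROM users WHERE token = ?", (presented,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), presented.encode())

def entropy_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random token of the given length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    wrong_case = STORED_TOKEN.swapcase()
    folded = make_db("NOCASE")
    print("NOCASE, lookup only:     ", lookup_only(folded, wrong_case))
    print("NOCASE, exact compare:   ", lookup_then_exact(folded, wrong_case))
    print("BINARY, lookup only:     ", lookup_only(make_db("BINARY"), wrong_case))
    # 16 characters over [A-Za-z0-9] versus the same length with case folded away
    print(round(entropy_bits(16, 62), 1), "bits ->", round(entropy_bits(16, 36), 1), "bits")
```

The exact comparison keeps working even if the column collation cannot be changed, because the decision no longer depends on what the database treats as equal.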
