This repository has been archived by the owner on Feb 18, 2021. It is now read-only.
Need to fix a really questionable decision made when setting up the API -- currently expects plaintext passwords (even though passwords are properly hashed in the DB), passed through the URL no less.
Since sending a hash over HTTP ultimately isn't much better, we should probably investigate using API tokens of some kind. I'm not particular about how this gets done but I'd like to add the least interface cruft possible. We could add "generate an API token" to the Settings page, and add another column to the users table of the db which stores a randomly generated UUID, and it would then act like a password for API use. This is probably simpler than using OAuth because it doesn't break the current passing-strings-in-URLs method?
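A sketch of the token column proposed above, as an added example that is not code from this repository. The table layout, the `api_token_hash` column and all function names are assumptions; it uses `secrets.token_urlsafe` in place of a UUID (still a plain string that fits in a URL parameter) and stores only a SHA-256 digest of the token, so a leaked users table does not hand out working credentials.

```python
import hashlib
import hmac
import secrets
import sqlite3


def open_db():
    """In-memory stand-in for the users table, plus the proposed extra column."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password_hash TEXT, api_token_hash TEXT)"
    )
    return db


def _digest(token):
    # The token is 256 bits of CSPRNG output, so a fast unsalted hash is
    # enough here; this would not be acceptable for user-chosen passwords.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def generate_api_token(db, username):
    """Settings-page action: issue a token, replacing any previous one.
    The plaintext is returned once and never stored."""
    token = secrets.token_urlsafe(32)
    cur = db.execute("UPDATE users SET api_token_hash = ? WHERE username = ?",
                     (_digest(token), username))
    if cur.rowcount != 1:
        raise KeyError(username)
    db.commit()
    return token


def revoke_api_token(db, username):
    """Clear the column so the old token stops working immediately."""
    db.execute("UPDATE users SET api_token_hash = NULL WHERE username = ?",
               (username,))
    db.commit()


def authenticate(db, username, presented):
    """API-side check: hash what the client sent, compare in constant time."""
    row = db.execute("SELECT api_token_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None or row[0] is None or not presented:
        return False
    return hmac.compare_digest(row[0], _digest(presented))
```

Because the account password never reaches the API in this scheme, a token that ends up in a URL log can be replaced from the Settings page without changing the password.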