Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User API key hashing #242

Open
loleg opened this issue Dec 15, 2021 · 0 comments
Open

User API key hashing #242

loleg opened this issue Dec 15, 2021 · 0 comments
Labels
backend Pull requests that update Go code

Comments

@loleg
Copy link
Contributor

loleg commented Dec 15, 2021
edited
Loading

Instead of encrypting user-defined API keys, we would like to remove the ability to read API keys altogether. Instead only the hashed version of the key should be stored, with the same hashing process being applied every time the API key is checked. This follows a security best practice common to applications like Proxeus.

The UI needs to be updated to remove the "preview" of the API key.

Please comment on possible performance impact of the hashing algorithm.

See apikey.go and issue #1
@loleg loleg added the backend Pull requests that update Go code label Dec 15, 2021
@m-javani m-javani mentioned this issue Dec 22, 2021
Closed
@loleg loleg moved this to Todo in Maintenance - Q1 2024 Aug 11, 2023
@loleg loleg moved this from Todo to In Progress in Maintenance - Q1 2024 Aug 11, 2023
@Kamel-83 Kamel-83 moved this from In Progress to Todo in Maintenance - Q1 2024 Oct 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend Pull requests that update Go code
Projects
Maintenance - Q1 2024
Status: Todo
Maintenance sprint - Q1 2023
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@loleg @m-javani