Change static admin password behavior #18

Open
opened 4 months ago by neil · 0 comments
neil commented 4 months ago
Owner

This password needs to be passed when deleting a link. It is passed in query parameters (GET), which is not very cool for security.

There’s no big risk of someone finding the key, but it is saved in the admin’s browsing history.

Also, a static password is not great for security again. We should derivate the key using some variables like the link name instead, but it may become uncomfortable. I guess building some kind of HTML admin view can’t be avoided.

This password needs to be passed when deleting a link. It is passed in query parameters (GET), which is not very cool for security. There’s no big risk of someone finding the key, but it is saved in the admin’s browsing history. Also, a static password is not great for security again. We should derivate the key using some variables like the link name instead, but it may become uncomfortable. I guess building some kind of HTML admin view can’t be avoided.
neil added the
enhancement
priority:low
help wanted
labels 4 months ago
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: 42l/rs-short#18
Loading…
There is no content yet.