signalserver

Support of tokens instead of password only

Open JeromeMartinez opened this issue 8 years ago • 1 comments

Currently the API supports only a password for credentials, and clients have to store the password on their side if they don't want to ask the user to enter the password each time they access the server. This may be an issue if the computer of the user is compromised, as the password would be retrieved. A best practice nowadays is to store a token instead of the password on the client side, so the password is transmitted only once and not stored on the client machine (only the token is stored, and can be revoked if the machine is compromised, without providing the password).

Related to https://github.com/bavc/qctools/pull/242#issuecomment-271529268

JeromeMartinez, Jan 14 '17 16:01
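The scheme proposed in this issue, sketched as an added example that is not part of the original post or of signalserver's code: the password is checked once, the client keeps only a random token, the server keeps only the token's hash, and one machine's token can be revoked without touching the password. All names (`TokenStore`, `issue_token`, the device labels) are hypothetical and the store is in-memory.

```python
import hashlib
import hmac
import secrets


class TokenStore:
    """In-memory sketch; a real server would persist these records."""

    def __init__(self):
        self._passwords = {}  # user -> (salt, PBKDF2 hash of the password)
        self._tokens = {}     # sha256(token) -> (user, device label)

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _token_key(token):
        # Only this digest is stored, so a leaked token table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._pw_hash(password, salt))

    def issue_token(self, user, password, device):
        """Check the password once; the client stores only the returned token."""
        # Unknown users still run the KDF so both failure paths cost the same.
        salt, stored = self._passwords.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._pw_hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[self._token_key(token)] = (user, device)
        return token

    def authenticate(self, token):
        """Return the user a token belongs to, or None if unknown or revoked."""
        entry = self._tokens.get(self._token_key(token))
        return entry[0] if entry else None

    def revoke_device(self, user, device):
        """Drop every token issued to one machine; the password is not needed."""
        doomed = [k for k, (u, d) in self._tokens.items() if u == user and d == device]
        for key in doomed:
            del self._tokens[key]
        return len(doomed)
```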

after https. :)

yayoiukai, Mar 07 '17 09:03