Comments (3)
marcoow
commented on May 22, 2024
Not sure about the security aspect actually. When I can get your bearer token (which means I either have access to your machine or can intercept your network traffic), there's no reason I couldn't get your Login or Email.
However, adding that will be really simple when I release the big strategies refactoring (I hope end of next week - had to delay it a little).
from ember-simple-auth.
brandonparsons
commented on May 22, 2024
Perhaps that is true. My thought was just that if you are directly looking up the bearer token amongst all tokens that exist on your app, it is far easier than a hacker having to guess both an email AND a token. A person going nuts on the command line with curl could set HTTP Authorization headers at random until they got one right.
from ember-simple-auth.
marcoow
commented on May 22, 2024
If it's possible to guess the token with curl on the command line than you need better (longer/more complex) tokens ;)
Am 30.11.2013 um 19:26 schrieb brandonparsons [email protected]:
Perhaps that is true. My thought was just that if you are directly looking up the bearer token amongst all tokens that exist on your app, it is far easier than a hacker having to guess both an email AND a token. A person going nuts on the command line with curl could set HTTP Authorization headers at random until they got one right.
—
Reply to this email directly or view it on GitHub.
from ember-simple-auth.
Related Issues (20)
- Deprecation: `old-deprecate-method-paths` HOT 1
- Ember Simple Auth: The automatic session initialization is deprecated on Ember 3.28.4 HOT 9
- Is Torii addon abandonned ? HOT 9
- Ember 4.1.0: Use of `assign` has been deprecated. Please use `Object.assign` or the spread operator instead. HOT 1
- Unhandled Promise error detected when using the manual session.setup function HOT 9
- When I logout of one tab the authenticated data still seems to be populated in another tab HOT 1
- React to authentication in a component via modifier HOT 2
- v2 addon format HOT 5
- Typescript error on accessing prohibitAuthentication HOT 3
- CookieStore is not initializing/syncing correctly HOT 2
- Dependency Dashboard
- CookieExpirationTime not being set HOT 2
- When syncing tabs (session store), schedule of the refresh token should be updated
- ember-polyfills.deprecate-assign deprication in Ember 4.4 HOT 2
- Action Required: Fix Renovate Configuration
- ESA's Application route hides host app's route when using pod layout & embroider HOT 5
- Access token does not persist HOT 1
- Neither of test apps work - did you stop maintaining it? HOT 1
- Missing deprecation guide for session events HOT 1
- test-app should use modern Octane syntax
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ember-simple-auth.