4darsh-Dev / CogniGaurd

A web extension for identifying dark patterns on websites, powered by a fine-tuned BERT model for classification on a custom dark pattern dataset.
https://cogniguard.onionreads.com/
MIT License
17 stars 38 forks

Credentials in web extension are hard-coded, which raises a security issue #25

Open 4darsh-Dev opened 1 month ago

4darsh-Dev commented 1 month ago

Description

Currently, in the web extension, the username and password credentials for authentication with the Django API (REST framework) are hard-coded. Find ways to fix that security issue. While sending the POST request, they are converted to base64.

Propose changes and how it can be solved

scientest commented 1 month ago

you remove the need for hard-coded credentials and increase security. The process involves setting up Django REST Framework with JWT, handling tokens in the web extension, and ensuring secure API requests. This approach not only secures the authentication mechanism but also aligns with best practices for modern web applications.

4darsh-Dev commented 1 month ago

Okay, it sounds great. So first we need to set up user authentication on our web app, from where users can obtain access and refresh tokens with their credentials, which can work further and be stored in Chrome storage. We can also limit the usage of token requests for users.
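
A sketch of the extension-side token handling discussed in this thread, as an added example that is not part of the issue or the project's code: it keeps only the access and refresh tokens in storage, refreshes the access token shortly before expiry, and retries once on a 401. `API_BASE`, the refresh path, the `{refresh}` request and `{access}` response shape are assumptions about the backend; storage and fetch are injected so the logic can be exercised outside the browser.

```javascript
// Added example: token handling for the extension, with storage and fetch injected.
// ASSUMPTIONS: API_BASE, the /api/token/refresh/ path, and the {refresh} -> {access}
// JSON shape are hypothetical; adjust to the backend's actual JWT endpoints.
const API_BASE = "https://api.example.invalid";
const REFRESH_PATH = "/api/token/refresh/";
const SKEW_SECONDS = 30; // refresh slightly before expiry

// Read the `exp` claim only to schedule refreshes. The client never verifies the
// signature; the server remains the sole authority on token validity.
function tokenExpiry(jwt) {
  try {
    const b64 = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const exp = JSON.parse(atob(padded)).exp;
    return typeof exp === "number" ? exp : 0;
  } catch {
    return 0; // malformed token: treat as expired
  }
}

function createApiClient({ storage, fetchFn, now = () => Date.now() / 1000 }) {
  async function refreshAccess() {
    const { refresh } = await storage.get(["refresh"]);
    if (!refresh) throw new Error("login required");
    const res = await fetchFn(API_BASE + REFRESH_PATH, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refresh }),
    });
    if (!res.ok) {
      await storage.remove(["access", "refresh"]); // refresh token rejected: force re-login
      throw new Error("login required");
    }
    const { access } = await res.json();
    await storage.set({ access });
    return access;
  }

  return async function apiFetch(path, init = {}) {
    let { access } = await storage.get(["access"]);
    if (!access || tokenExpiry(access) - SKEW_SECONDS <= now()) access = await refreshAccess();
    const send = (t) =>
      fetchFn(API_BASE + path, { ...init, headers: { ...init.headers, Authorization: `Bearer ${t}` } });
    let res = await send(access);
    if (res.status === 401) res = await send(await refreshAccess()); // revoked early: retry once
    return res;
  };
}
```

In the extension this would be wired up as `createApiClient({ storage: chrome.storage.local, fetchFn: (u, i) => fetch(u, i) })`, with the login form posting the user's credentials once to obtain the initial token pair.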