MaxWies
commented
4 years ago Middleware component:
-
adminKey (~50 random characters) has a hash value
-
our code stores the hash value (of course not the adminKey)
-
adminKey is sent as header (always via https, then the header is encrypted)
-
component calculates the hash value from the adminKey. If equal to stored hash value then authentication as admin is successful
The current admin authentication with a fixed
adminKeyshould be a very temporary solution.Ideas what we can do instead while keeping it simple?