Tokens are basically just passwords, and we need to treat them as such. In particular, the database should be storing a hash of the token instead of the token itself (the user would still transmit the encrypted plain-text token, not the encrypted hash of the token).
It would also be worth looking into any other security best practices for passwords, e.g. what hash algorithm should be used.
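The storage scheme the comment above asks for, as an added example that is not the project's code: a token is generated from a CSPRNG, only its hash is written to the "database" (an in-memory dict standing in for the real table), and the plaintext is returned to the user exactly once. The choice of SHA-256 is this example's assumption, made because a 256-bit random token cannot be brute-forced offline the way a user-chosen password can; a low-entropy secret would need a slow KDF (argon2id, bcrypt, scrypt) instead. All function names are illustrative.

```python
import hashlib
import secrets
from typing import Dict, Optional

# Constructed stand-in for the database table: token hash (hex) -> user id.
# Only the hash is ever stored, so a leaked copy of this table does not
# reveal any usable token.
TOKEN_DB: Dict[str, str] = {}


def hash_token(token: str) -> str:
    """Derive the value that is stored and looked up instead of the token.

    Assumption: tokens come from issue_token() and carry 256 bits of entropy,
    so one fast SHA-256 pass is enough; unlike passwords there is nothing for
    an attacker to guess, and a slow KDF would only add latency.
    """
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_id: str) -> str:
    """Create a new token for user_id, persist its hash, return the plaintext.

    The plaintext is shown to the caller once (it still travels to the client
    over TLS as-is, never as its hash) and is not kept anywhere server-side.
    """
    token = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe text
    TOKEN_DB[hash_token(token)] = user_id
    return token


def lookup_token(presented: str) -> Optional[str]:
    """Resolve a token presented by a client to its user id, or None.

    Hashing the presented value and doing an indexed lookup on the hash is
    what lets the server verify a token it never stored in the clear.
    """
    return TOKEN_DB.get(hash_token(presented))


def revoke_token(presented: str) -> bool:
    """Delete the stored hash so the token stops working; True if it existed."""
    return TOKEN_DB.pop(hash_token(presented), None) is not None


if __name__ == "__main__":
    # Demonstrate that the table holds no plaintext and that lookups still work.
    t = issue_token("alice")
    print("stored rows:", TOKEN_DB)          # hashes only, no trace of t
    print("lookup:", lookup_token(t))        # alice
    print("bogus:", lookup_token("bogus"))   # None
    revoke_token(t)
    print("after revoke:", lookup_token(t))  # None
```

Because the lookup key is itself a one-way function of the secret, the hash can be indexed in the database like any other column, so this change costs one digest per request and nothing in query performance.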