An extension to Django-Rest-Framework's Token Authentication, enabling a user to have multiple authorization tokens
BSD 3-Clause "New" or "Revised" License
Information leakage in admin panel #2
Closed
anx-ckreuzberger closed 6 years ago
Same as with Issue 6131 on django-rest-framework (regarding Token Authentication), this package uses the auth token as the primary key.
An administrator clicking on a token within the admin panel will leak that token into one or many logfiles, e.g. django.requests or middleware logging.
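A check for the leak described in this issue, as an added example that is not part of the issue or the project's code: it scans log lines for Django admin object URLs whose primary-key segment is token-shaped and masks the value. It assumes tokens are 40 hex characters (the format DRF's built-in Token model generates) and Django's default admin routes; the app name `exampleapp` and the log lines are constructed.

```python
import re

# Assumption: tokens are 40 lowercase hex characters and the admin uses
# Django's default object routes /admin/<app>/<model>/<pk>/<action>/.
ADMIN_PK_URL = re.compile(
    r"(?P<prefix>/admin/[\w-]+/[\w-]+/)"
    r"(?P<pk>[0-9a-f]{40})"
    r"(?P<suffix>/(?:change|delete|history)/)"
)


def find_leaked_tokens(lines):
    """Return (line_number, token) for each admin URL embedding a token-shaped pk."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in ADMIN_PK_URL.finditer(line):
            hits.append((number, match.group("pk")))
    return hits


def redact(line, keep=4):
    """Mask the token in an admin URL, keeping a short prefix for correlation."""
    def _mask(match):
        pk = match.group("pk")
        return f"{match.group('prefix')}{pk[:keep]}[REDACTED]{match.group('suffix')}"
    return ADMIN_PK_URL.sub(_mask, line)


# Constructed sample data (not taken from the issue).
SAMPLE_TOKEN = "9f" * 20
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2019:10:00:00 +0000] "GET /admin/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2019:10:00:03 +0000] '
    f'"GET /admin/exampleapp/token/{SAMPLE_TOKEN}/change/ HTTP/1.1" 200 2048',
    '10.0.0.5 - - [01/Jan/2019:10:00:09 +0000] "GET /admin/auth/user/7/change/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, token in find_leaked_tokens(SAMPLE_LOG):
        print(f"line {number}: token-shaped primary key in admin URL ({token[:4]}...)")
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any token found this way should be treated as exposed and rotated; masking the log does not undo copies already shipped to other log sinks.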