Closed minrk closed 3 months ago
this was added to make transferrable login more convenient long ago, but persisting hashed passwords are the way to go these days, and this isn't the right thing to do in e.g. jupyterhub
ref: https://discourse.jupyter.org/t/is-it-possible-to-avoid-exposing-token-in-get-parameter-in-jupyterhub/24367
This is not a vulnerability, just an improvement in where we pass tokens and when.
this was added to make transferrable login more convenient long ago, but persisting hashed passwords are the way to go these days, and this isn't the right thing to do in e.g. jupyterhub
ref: https://discourse.jupyter.org/t/is-it-possible-to-avoid-exposing-token-in-get-parameter-in-jupyterhub/24367
This is not a vulnerability, just an improvement in where we pass tokens and when.