Potentially Inconsistent authentication mechanism [LOW]

sodadata / soda-sql

Soda SQL and Soda Spark have been deprecated and replaced by Soda Core. docs.soda.io/soda-core/overview.html

https://docs.soda.io/

Apache License 2.0

61 stars 17 forks source link

Potentially Inconsistent authentication mechanism [LOW] #186

Closed jmarien closed 2 years ago

jmarien commented 2 years ago

When connecting to the Soda cloud (server) two different mechanisms are used by the code:

• Authentication token in HTTP authentication header • Authentication token in JSON request body

The code uses the Python "requests" module for interaction with remote webservers. That module has the option to use an "auth" argument in its GET and POST methods. That "auth" argument can use various standard HTTP authentication mechanisms (basic authentication, digest authentication...)

jmarien commented 2 years ago

Token security has been vastly improved server-side.