[bisq-network/bisq] Minimal api (#3001)
Bernard Labno
notifications at github.com
Thu Aug 29 05:51:58 UTC 2019
>The authorization based on a fixed token is not secure against replay attacks
What fixed tokens? You get a new token each time you sign in and they have certain lifetime.
This is industry standard.
>My proposal is to remove insecure authentication and authorization altogether.
No comment.
>his way we make it clear that API service is only supposed to be used locally
No, the API is meant to be used over TOR, and at some point to be consumed by mobile clients.
Please do not look at things from your own use case only.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/3001#issuecomment-526034704
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190828/fe00a3f2/attachment.html>
More information about the bisq-github
mailing list