Any way we can make API tokens a one-way process? | WordPress.org

techano
(@techano)

11 years, 4 months ago

Love the product and the options that it provides.

Have one small issues I’d like to request a fix for:

If you use some of the API options for remotely backing things up then you have to install an API access token – that token should never be revealed to others and yet in a shared admin situation that token in plainly visible.

There is no need for that at all – once it is installed it should be treated like any other password and be behind a one-way mirror so to speak.

Can we do that for the services that require an API access token?

Can we at least secure the access to the keys so only the person that puts them in can view them under a single account?

http://wordpress.org/extend/plugins/backwpup/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Daniel Hüsken
(@danielhuesken)

11 years, 4 months ago

I’m not sure that i really understand what you mean.

In Version 3 BackWPup will get it’s own caption for better mangaing the acsses rights.

Thread Starter techano
(@techano)

11 years, 4 months ago

An API token is pretty much identical in function to a password.

We keep passwords hidden – why should API tokens be plainly visible once entered?

They should also be stored in the database encrypted just like passwords as well.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Any way we can make API tokens a one-way process?’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: techano
Last activity: 11 years, 4 months ago
Status: not resolved