Support » Plugin: API Bearer Auth » Security concern

  • Resolved laetitiad

    (@laetitiad)


    Hi,

    First of all, thank you very much for this plugin, it works great!

    I have a question about security. When using the login API, the data returned contains a lot of information, e.g. the ‘data’ object has the user_pass hashed in it. I find this quite concerning, as I believe the user pass should not be transmitted in any way, hashed or not.

    What do you think?

    Thanks in advance

    Laetitiad

    • This topic was modified 6 months, 3 weeks ago by laetitiad.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author michielve

    (@michielve)

    Hi,

    I think you have a point about the hashed password. It’s of no use so why return it. If I have time I’ll look into this and remove it from the response.

    If you have other fields you think are not safe to return, please let me know!

    Best wishes,
    Michiel

    Plugin Author michielve

    (@michielve)

    Hi,

    I’ve released a new version (20200818) and now the user_pass is removed from the returned user. Thanks for letting me know!

    Best wishes,
    Michiel

    Thread Starter laetitiad

    (@laetitiad)

    Wow, thank you very much for the quick fix!

    If there is another field that doesn’t look appropriate, I’ll let you know… so far it seems okay 🙂

    Thanks again for the nice plugin and support

    Have a nice day

    Laetitiad

  • The topic ‘Security concern’ is closed to new replies.
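
The fix discussed in this thread, generalized as an added example (not the plugin's code and not part of any post): build the returned user from an allowlist instead of deleting `user_pass` alone, and scan the response for secret keys as a regression check. The `user` wrapper key, the allowlist contents and the function names are assumptions; the field names are the standard `wp_users` columns found on `WP_User->data`.

```php
<?php
// Added example: not the API Bearer Auth plugin's code.

// Hypothetical allowlist: only these keys may leave the server.
const PUBLIC_USER_FIELDS = ['ID', 'user_login', 'user_nicename', 'user_email', 'display_name'];

// Keys that must never appear anywhere in a response body.
const SECRET_KEYS = ['user_pass', 'user_activation_key'];

/** Build the response user from an allowlist, so new columns stay private by default. */
function public_user(object $data): array
{
    $out = [];
    foreach (PUBLIC_USER_FIELDS as $field) {
        if (property_exists($data, $field)) {
            $out[$field] = $data->$field;
        }
    }
    return $out;
}

/** Recursively list the dotted paths of secret keys in a decoded JSON response. */
function find_secret_keys($node, string $path = ''): array
{
    $hits = [];
    if (is_array($node) || is_object($node)) {
        foreach ((array) $node as $key => $value) {
            $here = $path === '' ? (string) $key : "$path.$key";
            if (in_array((string) $key, SECRET_KEYS, true)) {
                $hits[] = $here;
            }
            $hits = array_merge($hits, find_secret_keys($value, $here));
        }
    }
    return $hits;
}

// Constructed sample shaped like the response described in the thread.
$user = (object) ['ID' => 7, 'user_login' => 'alice', 'user_pass' => '<hash placeholder>',
    'user_email' => 'alice@example.test', 'user_activation_key' => '', 'display_name' => 'Alice'];

// 'user' is a hypothetical wrapper key, not the plugin's documented response shape.
$before = json_decode(json_encode(['user' => ['data' => $user]]), true);
$after  = json_decode(json_encode(['user' => ['data' => public_user($user)]]), true);

print_r(find_secret_keys($before)); // raw user object returned as-is
print_r(find_secret_keys($after));  // user built from the allowlist
```

Running `find_secret_keys` against every endpoint's response in a test suite catches the same leak if a later change returns the raw user object again.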