Verain_the_great

Reputation: 191

Is REST framework token authentication safe?

I am relatively new to REST Framework for Django. I was creating a simple app to log in users and I tried using Token Authentication. My concern is that the tokens are created for each user and they are fixed (do not change with time), and basically 1 user has 1 token mapped to him/her.

In case of a database breach or when the token is compromised, wouldn't it be very easy for the hacker to just log in by sending the authorization header?

I have some experience with Django's default session authentication, which seems much more secure when compared to the token auth of REST Framework. REST Framework's implementation seems a little flawed, or am I missing something?

Which one should I use in a production application?

(Note: I am asking specifically about REST Framework's default implementation of token auth, not general token authentication.)

Upvotes: 3

Views: 491
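
An added example, not part of the original question and not Django REST Framework's own code: a standard-library Python model of a token table that addresses the two concerns raised above by storing only a SHA-256 digest of each token and by giving every token an expiry. `HashedTokenStore`, its methods and the one-hour lifetime are hypothetical names and values chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; choose one that fits your clients


def _digest(token: str) -> str:
    # Tokens are high-entropy random values, so a fast hash is sufficient here.
    return hashlib.sha256(token.encode()).hexdigest()


class HashedTokenStore:
    """Stand-in for a token table: rows hold digest -> (user, expiry), never the token."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS):
        self.ttl = ttl
        self.rows = {}  # digest -> (user, expires_at)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        # One active token per user: issuing a new one revokes the old one.
        self.rows = {d: r for d, r in self.rows.items() if r[0] != user}
        token = secrets.token_hex(20)  # 40 hex characters of CSPRNG output
        self.rows[_digest(token)] = (user, now + self.ttl)
        return token  # handed to the client once, never stored in clear

    def authenticate(self, presented, now=None):
        now = time.time() if now is None else now
        key = _digest(presented)
        row = self.rows.get(key)
        if row is None:
            return None  # unknown token, or a leaked digest replayed as a token
        user, expires_at = row
        if now >= expires_at:
            del self.rows[key]  # purge the expired row
            return None
        return user
```

A copy of `rows` taken from a breached database contains only digests, which do not authenticate when sent in the `Authorization` header, and a token captured in transit stops working once its lifetime ends or the user is issued a new one.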

Answers (0)
