• Resolved Bullrunner

    (@bullrunner)


    All the security tokens and keys are stored as plain text in the website’s access log file.

    Not sure that this is particularly secure…

    E.g:

    GET /?rest_route=%2Fshare-logins%2Fvalidate&site_url=[URL]&access_token=[ACCESS TOKEN TEXT]&secret_key=[SECRET KEY TEXT]&secret_iv=[SECRET IV TEXT]

    • This topic was modified 5 years, 3 months ago by Bullrunner.
Viewing 1 replies (of 1 total)
  • Plugin Author Codexpert, Inc

    (@codexpert)

    Hi @bullrunner,
    The token and keys are sent just to make sure that both sites use the same keys to encrypt/decrypt the data. And it’s only sent when you validate a connection, which is only accessible by the admin.
    The actual data are always encrypted.

    Hope that helps.

  • The topic ‘Security tokens and keys stored as plain text’ is closed to new replies.
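
An added example, not part of the thread or the plugin's code: a log audit that finds and masks the three parameters from the quoted request line (`access_token`, `secret_key`, `secret_iv`) in access-log entries. It assumes common/combined log format; the function names, sample lines and sample values are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameter names from the request line quoted in the thread.
SENSITIVE = {"access_token", "secret_key", "secret_iv"}

# Request field of a common/combined log format line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, tokens and keys are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] "GET /?rest_route='
    '%2Fshare-logins%2Fvalidate&site_url=https%3A%2F%2Fa.example'
    '&access_token=tok123&secret_key=key456&secret_iv=iv789 HTTP/1.1" 200 52',
    '203.0.113.5 - - [01/Jan/2020:10:00:05 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 1834',
]


def redact_line(line):
    """Return (line with secret values masked, sorted names that were found)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    found, pairs = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.add(name.lower())
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return line, []
    start, end = m.span("target")
    masked = parts._replace(query=urlencode(pairs)).geturl()
    return line[:start] + masked + line[end:], sorted(found)


def scan(lines):
    """Return [(line_number, names, redacted_line)] for lines exposing secrets."""
    hits = []
    for number, line in enumerate(lines, 1):
        redacted, names = redact_line(line)
        if names:
            hits.append((number, names, redacted))
    return hits


if __name__ == "__main__":
    for number, names, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)}\n  {redacted}")
```

Masking only cleans up the stored copy of the log; any value that was already written there has been readable by whoever can read the log.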