- 7 Posts
- 3 Comments
Joined 3 years ago
Cake day: July 18th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
11·6 months agoIs it just me or does that sound exaggerated, clickbaity?
No, warn is, by definition (see 1.c), an accurate term to use.
If you are looking to do something like Github’s Personal Access Tokens (PAT) then it is easiest to just think about it like a password:
- Create a high entropy (secure) string
- Store the hash of the string in a database table
- Store the permissions and other metadata with the PAT’s hash
- Validate the PAT (permissions, revoke status, etc) on each request to the server
Storing the hash of the token, like you do with passwords, is a good practice in case your db is ever compromised as it wont leave the tokens accessible and reusable without a lot of effort.
Never bothered to check how many packages depend on libxml2. It’s 418 packages that directly depends on it.