API Tokens are currently stored in plaintext, which creates a security vulnerability. We should hash the tokens in the DB, and use those when authenticating the requests.
Additional modifications needed:
- Guest and Admin tokens must be communicated once (and not saved in an external persistent file)
/subjects endpoint should not return the tokens (neither hashed nor plaintext)
API Tokens are currently stored in plaintext, which creates a security vulnerability. We should hash the tokens in the DB, and use those when authenticating the requests.
Additional modifications needed:
/subjectsendpoint should not return the tokens (neither hashed nor plaintext)