View Revisions: Issue #6899

Summary 0006899: bank requires expensive computation on every API call with authorization
Revision 2021-07-19 14:53 by Christian Grothoff
Description The bank uses hashed+salted passwords for API authentication.

Unlike with human users, where the authentication check is done once at login (and then only a signed cookie is verified), checking a password for *every* request is rather expensive.

We could:
* move to plain text API keys
* cache hashes of successful logins in memory

As a further complication in the pybank, we need to somehow work around the built-in Django authentication system and do our own checks.
Revision 2021-06-09 15:38 by Florian Dold
Description Both the merchant and the bank use hashed+salted passwords for API authentication.

Unlike with human users, where the authentication check is done once at login (and then only a signed cookie is verified), checking a password for *every* request is rather expensive.

We could:
* move to plain text API keys
* cache hashes of successful logins in memory

As a further complication in the pybank, we need to somehow work around the built-in Django authentication system and do our own checks.
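
The second option listed in the description (caching successful logins in memory), sketched as an added example that is not code from the bank or pybank. PBKDF2 stands in for the slow salted hash, and `AuthCache`, `slow_hash`, the TTL and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed cost; stands in for the bank's slow salted hash


def slow_hash(password: str, salt: bytes) -> bytes:
    """Expensive salted hash: the per-request cost the issue describes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class AuthCache:
    """Remembers successful logins so repeat API calls skip the slow hash."""

    def __init__(self, ttl_seconds: float = 300.0):
        self._key = os.urandom(32)   # per-process secret, never persisted
        self._ttl = ttl_seconds
        self._hits = {}              # username -> (fast tag, stored hash, expiry)
        self.slow_checks = 0         # counter kept only for demonstration

    def _tag(self, username: str, password: str) -> bytes:
        # Keyed fast hash: the cache never holds the plaintext password.
        msg = username.encode() + b"\x00" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def check(self, username, password, salt, stored_hash, now=None) -> bool:
        now = time.monotonic() if now is None else now
        tag = self._tag(username, password)
        entry = self._hits.get(username)
        if entry is not None:
            cached_tag, cached_hash, expiry = entry
            # Reuse only if unexpired and the stored hash is unchanged,
            # so a password change invalidates the entry immediately.
            if (now < expiry and cached_hash == stored_hash
                    and hmac.compare_digest(cached_tag, tag)):
                return True
        self.slow_checks += 1
        ok = hmac.compare_digest(slow_hash(password, salt), stored_hash)
        if ok:
            self._hits[username] = (tag, stored_hash, now + self._ttl)
        return ok  # failures are never cached, so guessing stays expensive
```

The cache lives only in process memory and is keyed with a random per-process secret, so a memory dump yields HMAC tags rather than passwords or reusable hashes.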