
No, not at all. There are many scenarios in which data can be accessed read-only, such as ACL misconfiguration, poorly secured backups, 0-day attacks which allow stealing cryptographic keys, overly verbose exception messages, etc.

An adversary who makes a single copy of your database could impersonate any user, and go unnoticed for a potentially huge period of time unless you have good intrusion protection. A targeted attack might steal just a single token, and could last only a few seconds, but then have unauthorised access indefinitely via the token.

EDIT: Incidentally, this is why only the hash of the token should be stored in the database, just like storing passwords. Also, the token should expire.
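The storage pattern the EDIT recommends, as an added example that is not the commenter's code: tokens are issued with 256 bits of entropy, only their SHA-256 digest is written to the store, and each row carries an expiry. The in-memory dict standing in for the database, the one-hour TTL and the helper names are assumptions of this example. The last function plays the adversary from the comment: it holds a complete read-only copy of the table and tries every stored value as a bearer token, which fails because the server hashes whatever is presented before looking it up.

```python
import hashlib
import secrets
import time

# Constructed stand-in for the tokens table: sha256(token) -> (user_id, expires_at).
# The cleartext token is never written here.
TOKEN_TABLE = {}

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; pick what the threat model needs


def _hash_token(token: str) -> str:
    # Tokens from secrets.token_urlsafe(32) carry 256 bits of entropy, so an
    # unsalted fast hash is enough here; low-entropy secrets such as passwords
    # would need a slow, salted password hash instead.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_id: str, now=None) -> str:
    """Create a token for user_id, store only its hash plus expiry, return the token once."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    TOKEN_TABLE[_hash_token(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token


def verify_token(token: str, now=None):
    """Return the user_id the token belongs to, or None if unknown or expired."""
    now = time.time() if now is None else now
    row = TOKEN_TABLE.get(_hash_token(token))
    if row is None:
        return None
    user_id, expires_at = row
    if now >= expires_at:
        # Expired rows are purged so a later leak of the table holds nothing usable.
        del TOKEN_TABLE[_hash_token(token)]
        return None
    return user_id


def leaked_database_copy():
    """Simulate the read-only breach from the comment: attacker gets every row."""
    return dict(TOKEN_TABLE)


def impersonate_from_leak(leak, now=None) -> bool:
    """Attacker presents each leaked stored value as if it were a live token."""
    return any(verify_token(stored_hash, now) is not None for stored_hash in leak)


if __name__ == "__main__":
    t = issue_token("alice", now=1000.0)
    print("clear token stored?", t in TOKEN_TABLE)
    print("valid for alice?", verify_token(t, now=1500.0))
    print("impersonation from leaked copy?", impersonate_from_leak(leaked_database_copy(), now=1500.0))
    print("after expiry:", verify_token(t, now=5000.0))
```

The `now` parameter exists only so expiry can be exercised deterministically; in production it is the server clock. A leaked digest is useless to the attacker because the server never compares a presented token against the stored column directly, it always hashes first, so the only way to use a copied row is to find a SHA-256 preimage.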