Commit

Merge pull request #273 from Adegitetaiwo/patch-1
Updated README.md
johnraz authored May 2, 2024
2 parents 0940325 + 87da8d2 commit ef6e9d2
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions README.md
Expand Up @@ -6,13 +6,13 @@ django-rest-knox

Authentication module for Django rest auth.

Knox provides easy to use authentication for [Django REST
Framework](https://www.django-rest-framework.org/). The aim is to allow
for common patterns in applications that are REST based, with little
Knox provides easy-to-use authentication for [Django REST
Framework](https://www.django-rest-framework.org/) The aim is to allow
for common patterns in applications that are REST-based, with little
extra effort; and to ensure that connections remain secure.

Knox authentication is token based, similar to the `TokenAuthentication`
built in to DRF. However, it overcomes some problems present in the
Knox authentication is token-based, similar to the `TokenAuthentication`
built into DRF. However, it overcomes some problems present in the
default implementation:

- DRF tokens are limited to one per user. This does not facilitate
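Review bot: The rewritten line `Framework](https://www.django-rest-framework.org/) The aim is to allow` loses the full stop that followed the link in the line it replaces, so the first two sentences of the paragraph now run together. Restore it as `Framework](https://www.django-rest-framework.org/). The aim is to allow`. The hyphenation fixes (easy-to-use, REST-based, token-based) and "built into" are fine as they stand.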
Expand All @@ -24,13 +24,14 @@ default implementation:
client to have its own token which is deleted on the server side
when the client logs out.

Knox also provides an option for a logged in client to remove *all*
Knox also provides an option for a logged-in client to remove *all*
tokens that the server has - forcing all clients to re-authenticate.

- DRF tokens are stored unencrypted in the database. This would allow
an attacker unrestricted access to an account with a token if the
an attacker unrestricted access to an account with a token if the
database were compromised.


Knox tokens are only stored in a secure hash form (like a password). Even if the
database were somehow stolen, an attacker would not be able to log
in with the stolen credentials.
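Review bot: The removed and added copies of `an attacker unrestricted access to an account with a token if the` are identical as displayed, so that change is whitespace-only, and a second blank line is added ahead of `Knox tokens are only stored in a secure hash form`. Neither belongs in a wording fix; drop both so this hunk carries only the `logged-in` correction. Since this paragraph is the README's security claim, a follow-up could also align its terms: the contrast it draws is between tokens kept as-is and tokens kept only as a hash, so "stored in plain text" would state the DRF case more precisely than "stored unencrypted".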
Expand All @@ -55,7 +56,7 @@ Python / Django versions a bit more tricky.

Our documentation is generated by [Mkdocs](https://www.mkdocs.org).

You can refer to their documentation on how to install it locally.
You can refer to their [documentation](https://www.mkdocs.org/user-guide/installation/) on how to install it locally.

Another option is to use `mkdocs.sh` in this repository.
It will run mkdocs in a [docker](https://www.docker.com/) container.
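Review bot: The added `You can refer to their [documentation](https://www.mkdocs.org/user-guide/installation/) on how to install it locally.` is left as a single long line while the rest of the README text is hard-wrapped; wrap it to match the surrounding lines. The link text could also name its target, for example "installation guide", so the sentence still reads clearly where the link is not rendered.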