Why not making tokens hashing the default/mandatory?

nathanaw
Participant V

I refer to https://docs.apigee.com/api-platform/security/oauth/hashing-tokens

Like mandatory vaccinations, Since it is common sense to hash sensitive details in database, why is token hashing not made the default and mandatory? Is it because of performance? Could the next release of Apigee enforce the default hashing of tokens?

Nathan Aw (Singapore)

0 1 133
1 REPLY 1

sidd-harth
Participant V

It may be because of the performance overhead. But I do not see this as an issue as there is a simple way to enable hashing for paid accounts.