#8 API key for same tenant name always identical

from mantis - 2012-03-13 11:00 (codingplayer)

the current implementation of API key generation does not use/introduce some randomness (e.g. timestamp) before generatng the key.

Hence for different instances, using the same tenant "name" it always generates the exact same API key.

This may be a security issue, since if the API key for one instance is exposed, also all other instances with the same tenant "name" will be exposed as well.