moonming commented on issue #11197: URL: https://github.com/apache/apisix/issues/11197#issuecomment-2078961201
> username required unique but API Key also, because if API Key not unique for all user how about your detect user A with user B. > > What happens when the username is unique but the API Key is duplicate, then determining which user is calling is impossible @dvdieu You are right, if there are duplicate API keys, it is impossible to identify different consumers. I don't have a good proposal on how to solve it yet, because Apache APISIX uses etcd as storage instead of a relational database, and it's not easy to determine if there are duplicates. What do you think? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
