> Some unit test is not behaving well in my local environment
> Weird, I should print the response from the server, maybe the client isn't receiving what I think it's receiving
> see this

SAY SIKE RIGHT NOW

Folks don't think cyber security
And this bugs me

@ChristoPy Folks don't think in general :|

Sike! That's the wrong number!

Let me make sure I have this right. You're saying that the server is responding back to the user with the actual Password in the payload!?

this is what my manager suggested to do instead of oauth because that sounds much more complicated

Seriously!?

I would take production down, immediately, and keep it down until that was fixed. And afterwards, I would schedule mandatory security training for devs, QA, and management. And probably start sharing news about security breaches every few days in a slack channel to keep the threat of a breach fresh in their minds.

I have no chill when it comes to security.

@iSwimInTheC The plain password. I didn't even know it was stored; back when I looked, it saved some base64 encode of the SHA, or something like that -not the best practice, but still theorically secure; the system was created before bcrypt was a thing, so it makes sense.

I think I’m missing something
It’s sending the password and login and email back to the browser ?

@lesbianmilitia it's storing the password as plain text (bruh?!?!?) and it's sending the clear credentials back to any client on a following request (BRUH?!?!??!?)