Comments
-
Let me make sure I have this right. You're saying that the server is responding back to the user with the actual Password in the payload!?
-
This is what my manager suggested doing instead of OAuth, because that sounds much more complicated.
-
Root826023y
Seriously!?
I would take production down, immediately, and keep it down until that was fixed. And afterwards, I would schedule mandatory security training for devs, QA, and management. And probably start sharing news about security breaches every few days in a Slack channel to keep the threat of a breach fresh in their minds.
I have no chill when it comes to security.
-
@iSwimInTheC The plain password. I didn't even know it was stored; back when I looked, it saved some base64 encoding of the SHA, or something like that. Not the best practice, but still theoretically secure; the system was created before bcrypt was a thing, so it makes sense.
-
I think I'm missing something.
It's sending the password and login and email back to the browser?
-
@lesbianmilitia it's storing the password as plain text (bruh?!?!?) and it's sending the clear credentials back to any client on a following request (BRUH?!?!??!?)
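The two defects the thread describes (a password column kept in clear, and a profile endpoint that serialises the whole user record back to the client) are small enough to show side by side with a hardened version. This is an added example, not code from the rant, any commenter, or the system they are discussing; the in-memory user store, the field names and the JSON response shape are my assumptions. It also includes the unsalted base64(SHA) scheme the second comment mentions, next to a salted, iterated PBKDF2 hash, so the difference is visible on the same input.

```python
"""Added example, not from the page: plaintext storage + full-record
serialisation, beside a hardened store and an allowlisted response.
The user store, field names and response shape are assumptions."""
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, Optional

# ---- The shape the thread describes (deliberately vulnerable) -------------

VULNERABLE_USERS: Dict[str, dict] = {}  # username -> record, password in clear


def vulnerable_register(username: str, email: str, password: str) -> None:
    VULNERABLE_USERS[username] = {
        "username": username,
        "email": email,
        "password": password,  # stored as typed
    }


def vulnerable_profile_response(username: str) -> str:
    # Dumping the whole record hands the password to any client that can
    # reach this endpoint, which is what the rant's debug print revealed.
    return json.dumps(VULNERABLE_USERS[username])


def legacy_hash(password: str) -> str:
    # The "base64 of the SHA" scheme from the comment thread: no salt, one
    # fast digest. Equal passwords give equal hashes, and a GPU can test
    # billions of candidates per second against a leaked table.
    return base64.b64encode(hashlib.sha256(password.encode()).digest()).decode()


# ---- Hardened -------------------------------------------------------------

PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 floor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    # Per-user random salt plus a deliberately slow, iterated KDF. bcrypt,
    # scrypt or Argon2 would be better still; PBKDF2 is used here because it
    # is in the standard library and needs no extra dependency.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt_b64), int(iters)
    )
    # Constant-time comparison so a timing side channel cannot leak the digest.
    return hmac.compare_digest(actual, expected)


HARDENED_USERS: Dict[str, dict] = {}

# Allowlist of fields that may leave the server. Anything not named here,
# including password_hash, never reaches a response, however the record grows.
PUBLIC_FIELDS = ("username", "email")


def hardened_register(username: str, email: str, password: str) -> None:
    HARDENED_USERS[username] = {
        "username": username,
        "email": email,
        "password_hash": hash_password(password),
    }


def hardened_profile_response(username: str) -> str:
    record = HARDENED_USERS[username]
    return json.dumps({k: record[k] for k in PUBLIC_FIELDS})


def response_fields(response_json: str):
    """Sorted list of top-level keys in a JSON response (for checks/tests)."""
    return sorted(json.loads(response_json).keys())


def response_leaks_secret(response_json: str, secret: str) -> bool:
    """True if the raw secret appears anywhere in the response body."""
    return secret in response_json


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    vulnerable_register("alice", "alice@example.com", "hunter2")
    hardened_register("alice", "alice@example.com", "hunter2")
    print("vulnerable:", vulnerable_profile_response("alice"))
    print("hardened:  ", hardened_profile_response("alice"))
    print("legacy hash repeats for same password:",
          legacy_hash("hunter2") == legacy_hash("hunter2"))
    print("salted hash differs per call:",
          hash_password("hunter2") != hash_password("hunter2"))
```

The check worth automating is the last two helpers: a test that registers a user and asserts the raw password string never appears in any serialised response catches a regression the moment someone adds a field to the record or swaps the serialiser. The allowlist is the structural fix; a denylist (`del record["password"]` before dumping) silently breaks the first time a second sensitive column is added.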
> Some unit test is not behaving well in my local environment
> Weird, I should print the response from the server, maybe the client isn't receiving what I think it's receiving
> see this
SAY SIKE RIGHT NOW
rant
unit test
cybersecurity