EarthSystemCoG / COG

COG source code
BSD 3-Clause "New" or "Revised" License

Password Management: Empty Password #1326

Closed LucaCinquini closed 7 years ago

LucaCinquini commented 7 years ago

Who: NOAA security scan

The security scan flags this line as insecure: `clearTextPassword = ''`, because: "Using an empty string as a password is insecure. It is never appropriate to use an empty string as a password. It is too easy to guess. An empty string password makes the authentication as weak as the user names, which are normally public or guessable. This makes a brute-force attack against the login interface much easier."

LucaCinquini commented 7 years ago

The value is overwritten when the user creates an account anyway, but in the meantime we have replaced it with a None initialization: `clearTextPassword = None`

LucaCinquini commented 7 years ago

... and changed the field to: clearTextPwd....

murphysj commented 7 years ago

Verified changes in the code.
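To make concrete why the scanner objects to an empty-string default and why a `None` default is the safer starting point, here is an added example that is not COG's code and not from this thread. It puts the flagged pattern (an account whose password field starts as `''` and is compared by plain string equality) beside a hardened version that starts from `None`, refuses to authenticate until a password has actually been set, and stores a salted PBKDF2 hash instead of clear text. The class and function names, the hashing scheme and the plain-equality login check are all assumptions made for illustration; the thread only records that the initial value and the field name were changed.

```python
"""Empty-string password default vs. None default (hypothetical code, not COG's).

The 'weak' class mirrors the pattern the scanner flagged: an account object
whose password is initialised to '' can be logged into with an empty submitted
password, so authentication is only as strong as the (guessable) user name.
The 'hardened' class starts from None and cannot authenticate at all until
set_password() has been called.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


def hash_password(clear_text: str, salt: bytes, iterations: int = 200_000) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library keeps the example dependency-free.
    return hashlib.pbkdf2_hmac("sha256", clear_text.encode(), salt, iterations)


@dataclass
class WeakAccount:
    """'Before': the flagged pattern, clearTextPassword = '' (assumed login logic)."""
    username: str
    clearTextPassword: str = ""  # empty-string default, as in the flagged line

    def authenticate(self, submitted: str) -> bool:
        # Plain equality: '' == '' succeeds for an account whose password was never set.
        return submitted == self.clearTextPassword


@dataclass
class HardenedAccount:
    """'After': None until a password is set, and only a salted hash is ever stored."""
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    password_hash: Optional[bytes] = None  # None means "no credential yet"

    def set_password(self, clear_text: str) -> None:
        # Reject the empty password at the point where it would be chosen.
        if not clear_text:
            raise ValueError("empty password not allowed")
        self.password_hash = hash_password(clear_text, self.salt)

    def authenticate(self, submitted: str) -> bool:
        # No stored credential, or an empty submission, can never authenticate;
        # the hash comparison is constant-time.
        if self.password_hash is None or not submitted:
            return False
        return hmac.compare_digest(hash_password(submitted, self.salt), self.password_hash)


def demo() -> dict:
    """Return the login outcomes for a freshly created account under both designs."""
    weak = WeakAccount("alice")           # constructed sample account, password never set
    hardened = HardenedAccount("alice")
    results = {
        "weak_empty_login": weak.authenticate(""),          # True: the flaw the scan reports
        "hardened_empty_login": hardened.authenticate(""),  # False: None default blocks it
    }
    hardened.set_password("correct horse battery staple")
    results["hardened_correct"] = hardened.authenticate("correct horse battery staple")
    results["hardened_wrong"] = hardened.authenticate("")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point the example makes is that the initial value alone is not the whole fix: a `None` default is only safe if the authentication path treats "no credential" as a refusal rather than comparing it to whatever the user submits, and a clear-text field should not exist at all once the password has been chosen.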