Open des-des opened 6 years ago
Yep, good point :) don't want any hacker getting ideas about fuzzing the website to find a valid username and/or password :scream_cat:
@MynahMarie changing what happens on the client makes no difference; you need to change the behaviour on the server.
https://github.com/FACN3/spend500/blob/master/src/handlers/handleLogIn.js#L33
Better:
The username / password combination is incorrect.
Then we expose no information unless the user has the correct credentials
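The server-side change discussed in this thread, as an added example that is not code from the spend500 repository: a handler that names which credential was wrong next to one that returns a single generic response. The in-memory user store, the function names and the leaky messages are constructed for illustration; the example also goes one step beyond the thread by hashing against a dummy record so that an unknown username costs the same work as a known one.

```javascript
// Added example: hypothetical in-memory store and handler names, not the project's code.
const crypto = require('node:crypto');

const GENERIC_ERROR = 'The username / password combination is incorrect';

function hashPassword(password, salt) {
  return crypto.scryptSync(String(password), salt, 32);
}

// Constructed sample data: one registered user.
function makeUser(username, password) {
  const salt = crypto.randomBytes(16);
  return { username, salt, hash: hashPassword(password, salt) };
}
const users = new Map([['alice', makeUser('alice', 'correct horse')]]);

// Dummy record with a random password, used when the username is unknown,
// so both failure paths perform one scrypt computation.
const DUMMY = makeUser('', crypto.randomBytes(16).toString('hex'));

// Leaky version: the response body says which half of the credentials was wrong.
function loginLeaky(username, password) {
  const user = users.get(username);
  if (!user) return { status: 401, message: 'Username not found' };
  const ok = crypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
  if (!ok) return { status: 401, message: 'Wrong password' };
  return { status: 200, message: 'Logged in' };
}

// Uniform version: same status, same body and same hashing work for every failure.
function loginUniform(username, password) {
  const user = users.get(username);
  const record = user || DUMMY;
  const match = crypto.timingSafeEqual(hashPassword(password, record.salt), record.hash);
  if (!user || !match) return { status: 401, message: GENERIC_ERROR };
  return { status: 200, message: 'Logged in' };
}
```
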