Infinite-Chess / infinitechess.org

Infinite Chess Web Server
https://www.infinitechess.org
GNU Affero General Public License v3.0

Deleting Account doesn't require password #68

Closed Heinrich-XIAO closed 1 month ago

Heinrich-XIAO commented 1 month ago

Deleting an account does not ask for the user's password. If an adversary were to gain access to the user's session token, but not the user's password, that adversary would be able to delete the user's account.

cycy98 commented 1 month ago

Maybe phone verification... Because else we could brute force

tsevasa commented 1 month ago

Or rather, I would propose e-mail + password verification: When a user clicks "Delete account", they get sent an email with a temporary link. If they visit the link, they can input their password to get the account deleted. This would nicely complement #1 as accounts without a verified email will get deleted automatically anyways after some time.

Heinrich-XIAO commented 1 month ago

> Maybe phone verification... Because else we could brute force

If #2 gets applied here, brute force won't be a big problem.

Naviary2 commented 1 month ago

Actually, any hacker will be able to send a request directly to the delete/remove account controller, only requiring the user's session info (or refresh token). If we are going to require your password to delete your account, that form data needs to be sent with the request to delete your account, and the remove account controller will have to be updated.

Naviary2 commented 1 month ago

Fixed by #89