Problem
/api/change-access-code does not require authentication, meaning anyone understanding the API logic can potentially change the access code. Similarly, right now, we can access the /manage pages via URL instead of through /manage-login.
Note
We'll address this later, after completing the change access code functionality.
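
One way to close both gaps described in this issue, as an added example that is not the project's own code: a single guard that runs before routing, rejecting unauthenticated calls to /api/change-access-code and sending unauthenticated /manage page requests to /manage-login. It assumes a Node.js server, a cookie named `session`, and an in-memory session store; `createSession`, `guard` and the other function names are hypothetical.

```javascript
const crypto = require("node:crypto");

// Hypothetical in-memory session store: token -> expiry (ms since epoch).
const sessions = new Map();

// Assumed to be called by /manage-login once the access code is verified.
function createSession(now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const token = crypto.randomBytes(32).toString("hex");
  sessions.set(token, now + ttlMs);
  return token;
}

function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Normalise before matching so "//manage/" or "/manage/../manage" cannot
// slip past a literal string comparison.
function normalizePath(url) {
  const p = new URL("http://localhost" + url).pathname.replace(/\/{2,}/g, "/");
  return p.length > 1 ? p.replace(/\/$/, "") : p;
}

function needsAuth(pathname) {
  return pathname === "/api/change-access-code" ||
         pathname === "/manage" || pathname.startsWith("/manage/");
}

// Returns { status, location? }; status 200 means "hand over to the real handler".
function guard(req, now = Date.now()) {
  const pathname = normalizePath(req.url);
  if (!needsAuth(pathname)) return { status: 200 }; // e.g. /manage-login itself
  const token = parseCookies(req.headers.cookie).session;
  const expiry = token ? sessions.get(token) : undefined;
  if (expiry !== undefined && expiry > now) return { status: 200 };
  if (token) sessions.delete(token); // drop expired or unknown tokens
  return pathname.startsWith("/api/")
    ? { status: 401 }                               // API: refuse outright
    : { status: 302, location: "/manage-login" };   // pages: go log in first
}
```

The check runs on the server for every request, so typing a /manage URL directly gets the same treatment as following a link.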