TCHayes / best-card-v2

Always know which of your credit cards offers the best rewards for each purchase
https://secure-lake-16708.herokuapp.com/

Security: Username/password authentication needs to be more secure; consider Google OAuth #4

Open TCHayes opened 7 years ago

TCHayes commented 7 years ago

Security: Username/password authentication is functional, but a user can sidestep that process by simply setting a cookie in their browser with the key 'token' and value of whichever username they wish to log in as.
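The check described in this issue, next to a server-signed token that closes the gap, as an added example that is not part of the original issue or the project's code. It assumes a Node.js server; `SECRET`, `insecureUserFromCookie`, `issueToken` and `verifiedUserFromCookie` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side secret. Constructed at random here; a real
// deployment would load a stable value from its environment.
const SECRET = crypto.randomBytes(32);

// Behaviour the issue describes: the 'token' cookie value is taken as the
// logged-in username, so the server trusts whatever the browser sends.
function insecureUserFromCookie(cookies) {
  return cookies.token || null;
}

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Called only after the username/password check has succeeded.
function issueToken(username, ttlSeconds = 3600, now = Date.now()) {
  const claims = JSON.stringify({ sub: username, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(claims).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Accepts the cookie only if the server's own HMAC over the payload matches
// and the token has not expired; returns the username or null.
function verifiedUserFromCookie(cookies, now = Date.now()) {
  const token = cookies.token;
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== given.length) return null;
  if (!crypto.timingSafeEqual(expected, given)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof claims.sub !== 'string' || typeof claims.exp !== 'number') return null;
  return claims.exp > now ? claims.sub : null;
}
```

The signed cookie should also be set with the `HttpOnly`, `Secure` and `SameSite` attributes so that page scripts cannot read it and it is not sent over plain HTTP.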