TentaCrew / STOFMA

Student Office Manager, manage your cafeteria sales and purchases easily.
http://dev.bde-ciaa.fr

User sensitive information is readable by all authenticated users #21

Closed edimitchel closed 9 years ago

edimitchel commented 9 years ago

When I look at the HTTP requests, I'm surprised to see all information about users except the password. My point of view is that private information (like birthday, credit sold for example) must be hidden from the (web) client.

2 solutions: