soc-se-bot
commented
5 months ago Team's Response
while it is true that only the username bob and password password are permitted, this was intentionally done following the advice of teaching assistants from tutorials, as we were told we can only accommodate one user for our application.
Items for the Tester to Verify
:question: Issue response
Team chose [response.NotInScope]
- [x] I disagree
Reason for disagreement: The team might have miscontrued what the TAs have mentioned. While "told we can only accommodate one user for our application.", the user might want to change their username or password to better protect their app from malicious users, making it a single user issue. In fact, not being able to enter my own custom username and password even when I am using the app for the first time only serves to further exacerbate the issue, since it is still accomodating a single user while giving issues to that user (user is unable to personalise the app). Lastly, this feature is in fact doable for v2.1 given that we have a few weeks to do it, this I disagree that the issue is "not in scope".
Steps to reproduce: Open the app. User will be prompted to enter username and passcode, which is only bob and password respectively.
Not implementing username and password changes/resets will allow other agents to view user's finance history, which is unsafe.