finos / a11y-theme-builder

DesignOps toolchain theme builder for accessibility inclusion using Atomic Design.
Apache License 2.0

[REQUEST] Hashing should be done for storing the password #863

Open Photon3009 opened 5 months ago

Photon3009 commented 5 months ago

Suggestion/Concern

Storing passwords in plain text, as done in the AuthMiddleware with the users object, is highly insecure and not recommended for real-world applications. In a production environment, passwords should be hashed and compared against hashed values.

Proposed Solution

Instead of storing passwords in plain text, use a secure hashing algorithm (such as bcrypt or Argon2) to hash the passwords before storing them in the database. Hashing ensures that even if the database is compromised, the passwords remain secure.

aaronreed708 commented 5 months ago

Thank you for the recommendation!