Storing passwords in plain text, as done in the AuthMiddleware with the users object, is highly insecure and not recommended for real-world applications. In a production environment, passwords should be hashed and compared against hashed values.
Proposed Solution
Instead of storing passwords in plain text, use a secure hashing algorithm (such as bcrypt or Argon2) to hash the passwords before storing them in the database. Hashing ensures that even if the database is compromised, the passwords remain secure.