The userList in the UserService is not safe: it is a Map with username and password as key (username:password).

Example:

username: example@example.nl
password: passw:ord
Result: example@example.nl:passw:ord

username: example@example.nl:passw
password: ord
Result: example@example.nl:passw:ord

The results are the same!

Of course you still have to know the password of the user, so it won't result in users getting hacked.
It can be solved by using a different key (or none) or validating the username better.
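
The collision described above, next to the two suggested fixes, as an added example that is not code from the project. The choice of TypeScript, the class and function names, and the username pattern are assumptions, since the report shows none of the service's code.

```typescript
// Added illustration: class and method names are hypothetical, not the project's code.
// Stored passwords stand in for whatever credential the service keeps (normally a salted hash).

// Form described in the report: a single string key "username:password".
class ConcatKeyStore {
  private users = new Map<string, string>(); // "username:password" -> account owner

  register(username: string, password: string): void {
    this.users.set(`${username}:${password}`, username);
  }

  // Returns the account the credentials resolve to, or null if there is no match.
  login(username: string, password: string): string | null {
    return this.users.get(`${username}:${password}`) ?? null;
  }
}

// Corrected form: the key is the username alone; the password is compared as its own field.
class UsernameKeyStore {
  private users = new Map<string, string>(); // username -> stored credential

  register(username: string, password: string): void {
    // Stricter username validation (assumed pattern): no delimiter, no whitespace.
    if (!/^[^\s:]+@[^\s:]+$/.test(username)) {
      throw new Error("invalid username");
    }
    if (this.users.has(username)) {
      throw new Error("username already registered");
    }
    this.users.set(username, password);
  }

  login(username: string, password: string): string | null {
    const stored = this.users.get(username);
    return stored !== undefined && stored === password ? username : null;
  }
}

// Constructed sample data: the two username/password splits from the report.
function compareStores(): { concat: string | null; fixed: string | null } {
  const concat = new ConcatKeyStore();
  const fixed = new UsernameKeyStore();
  concat.register("example@example.nl", "passw:ord");
  fixed.register("example@example.nl", "passw:ord");
  return {
    concat: concat.login("example@example.nl:passw", "ord"), // same key string, so it matches
    fixed: fixed.login("example@example.nl:passw", "ord"), // no such username, so null
  };
}
```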