Reset tokens should be in private db

timwis / enviar

Chat interface for SMS / text messages

37 stars 6 forks source link

Closed timwis closed 8 years ago

timwis commented 8 years ago

Authenticated users can access the enviar/messages db, so reset tokens should be in a separate db (assuming they cant be hidden )

timwis commented 8 years ago

Or just store them in the user document