tomastrajan / angular-ngrx-material-starter

Angular, NgRx, Angular CLI & Angular Material Starter Project
https://tomastrajan.github.io/angular-ngrx-material-starter
MIT License
2.82k stars 919 forks

Storing password in state #558

Closed millbj92 closed 2 years ago

millbj92 commented 2 years ago

I know this is meant only as an example for newer users, but in the example of the form you are storing the password in the application state. While that is a security risk in itself, the value is also persisted in local storage. Again, I know this is just a small demo but it would be great to promote security while we are at it! BTW I'm a huge fan of this architecture. My thoughts on this are to either pull password from state altogether, or if you're interested in teaching a little security while you're at it, we could possibly even hash the password before it enters state.

I would be willing to submit a PR to fix this issue:

If I have time, I'd love to. I'll pull a clean branch down and have at it.

[X] Yes (Assistance is provided if you need help submitting a pull request)
[ ] No

millbj92 commented 2 years ago

PR submitted. Also tackled #527, that was definitely a bug.

As this is a template, and novices will most likely use this as a starting point for their projects, I would highly recommend making it known that proper security needs to be implemented before this is production-ready. I opted not to install any crypto packages so as to not bloat the package. If you'd like me to create a page based on security, passwords, JWT, etc., I'd be more than happy. Don't know how far you want to go with it.

Right now all it is doing is: form: { ...form, password: '*'.repeat(form.password.length) } in the reducer.
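An added example, not part of the thread or the project's code: one way to apply the issue's first suggestion (keeping the password out of state altogether), both in the reducer and again at the step that writes state to local storage. The field names, action names and storage interface are hypothetical; dropping the field instead of masking it also keeps the password's length out of state and storage.

```typescript
// Added example: every name below is hypothetical, not the starter's code.
const SENSITIVE_KEYS = ['password', 'passwordConfirm']; // assumed field names

// Deep copy of `value` with sensitive keys dropped at every nesting level.
function stripSensitive(value: unknown): unknown {
  if (Array.isArray(value)) {
    return value.map(stripSensitive);
  }
  if (value !== null && typeof value === 'object') {
    const src = value as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const key of Object.keys(src)) {
      if (SENSITIVE_KEYS.indexOf(key) === -1) {
        out[key] = stripSensitive(src[key]);
      }
    }
    return out;
  }
  return value;
}

interface FormState { form: Record<string, unknown>; }
type FormAction =
  | { type: 'FORM_UPDATE'; form: Record<string, unknown> }
  | { type: 'FORM_RESET' };

// Reducer: the password is dropped before the form value enters the store.
function formReducer(state: FormState, action: FormAction): FormState {
  switch (action.type) {
    case 'FORM_UPDATE':
      return { ...state, form: stripSensitive(action.form) as Record<string, unknown> };
    case 'FORM_RESET':
      return { ...state, form: {} };
    default:
      return state;
  }
}

// Minimal stand-in for the setItem half of window.localStorage.
interface KeyValueStore { setItem(key: string, value: string): void; }

// Persistence: strip again so a field that reached state some other way
// (another reducer, rehydrated legacy data) is still never written out.
function persistState(store: KeyValueStore, key: string, state: unknown): string {
  const json = JSON.stringify(stripSensitive(state));
  store.setItem(key, json);
  return json;
}
```

In the browser, `window.localStorage` satisfies `KeyValueStore` and can be passed to `persistState` directly.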