kpalese
commented
4 years ago Sounds like a plan. I think it's not required for the indie project either, so while I agree it's definitely best practice, let's leave it as a stretch goal for now.
Open zcmarcus opened 4 years ago
kpalese
commented
4 years ago Sounds like a plan. I think it's not required for the indie project either, so while I agree it's definitely best practice, let's leave it as a stretch goal for now.
In order to use password hashing, which is generally best practice for app security, we would need to change the 'password' column in the User table to account for more characters (I believe char(64) or varchar(64) is the ideal data type/length).After database design/testing is mostly set and merged in, I'm more than willing to make these minor adjustments to the sql dump file and cleandb script and update the team accordingly.Currently, there's no hashing - just plain-test password storage.Re-thinking this issue. It's not a great idea to have our app available to the public without password security methods in place, but for now, though, maybe we can just consider this another one of our stretch goals. I wouldn't mind adding after we present our project.