New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Renaming "user" to "DNI (ID) / NIE" #13
Comments
Hello @es20490446e, sorry for the late answer, I understand that this is not ideal from user experience, but even that the credentials introduced by user are never stored and they are used to authenticate the user with the Bicicas API, I want to be cautelaos on which information I request from user. |
A potential attacker will know it is the DNI anyway, because it is mentioned in the website and the user profile. Along with plenty of other personal details. |
I understand your point, sorry I did not explain better myself. The problem is not about attackers nor security vulnerabilities, it is about strict policies on the stores and other boring stuff, it is not the same requesting a generic "user" which can be some sort of anonymous than requesting a DNI which is personal information, even if this information is properly handled. |
Ah, I see. Maybe something that subtly suggests it is the DNI, but doesn't explicitly state it, could do it. |
The Bicicas website calls the user "DNI (ID) / NIE", where this app calls it "user".
This creates a small usability problem, where you can't really recall what that "user" was.
The text was updated successfully, but these errors were encountered: