Using SHA for password hashing, no salt, leaking whether user is registered or not, no account verification (e.g. via email), no ability to reset passwords.
Since this application is a starter for an application about implementing OAuth providers, I'm concerned about how this could cause huge issues if someone without much security knowledge used it as-is on their OAuth provider project.
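As an added example (not code from the tutorial repository or from either participant in this thread), the sketch below contrasts the unsalted SHA pattern named in the issue with a per-user salted scrypt hash and a login check that answers identically for unknown users and wrong passwords. The in-memory `USERS` store, the function names and the scrypt cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32

GENERIC_ERROR = "Invalid username or password"
USERS = {}  # constructed in-memory store: username -> (salt, digest)


def sha_unsalted(password):
    """The pattern the issue describes: fast hash, no salt.
    Equal passwords always produce equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Memory-hard KDF with a random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return salt, digest


# Dummy record so an unknown username costs the same KDF work as a known one.
_DUMMY_RECORD = hash_password(os.urandom(32).hex())


def register(username, password):
    USERS[username] = hash_password(password)


def login(username, password):
    """Same message and same amount of hashing whether or not the user exists."""
    known = username in USERS
    salt, expected = USERS[username] if known else _DUMMY_RECORD
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; 'known' is checked after the hash is computed.
    if hmac.compare_digest(candidate, expected) and known:
        return True, "ok"
    return False, GENERIC_ERROR
```

This covers only password storage and the login response; the registration form, email verification and password reset flows mentioned in the issue need their own handling.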
This implementation is not a library and it's not intended to be used as a backbone of an application. It's an accompanying set of code to a tutorial on how to implement OAuth 2.