This repository has been archived by the owner on Jun 8, 2020. It is now read-only.
Information leaks in some requests #28
Assignees
Labels
must-fix
Top priority fix
Comments
|
Just started working on a fix. Also, I really think it's a top priority since it can lead into Table Row ID exposed. |
fabiofcferreira
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Due to the fact that sometimes we are lazy 😎 we are using SELECT * FROM ... and not handling the information leak that this causes. We are basically dumping all the information from a user without handling what is useful or not. We shouldn't send hashed passwords back and forth for example xD even though we are using SSL... It's just not a good practice.
TODO: go through all our requests and either stop using SELECT * and specify what we need OR take care of the extra information before we send it 👍
Easy fix and not a priority but must be taken care of before we launch.
The text was updated successfully, but these errors were encountered: