Avoid getting the hashed_password when not necessary #41
Reference: Sceptique/LifePex#41
1. Don't select the password
auth.rb:L30
We should not select the hashed_password by default
2. Drop the password after use
Login/register should not need user.password after use. Drop the field.
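
A sketch of both points in the issue, added here as an example and not taken from LifePex's auth.rb: lookups return only public columns, and the single code path that reads hashed_password drops it before returning. `UserStore`, `PUBLIC_COLUMNS`, the in-memory table and the use of PBKDF2 are assumptions, since the project's schema, ORM and hashing scheme are not shown on the page.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory stand-in for the users table (not the project's schema or ORM).
class UserStore
  PUBLIC_COLUMNS = %i[id email].freeze # default projection: no hashed_password
  ITERATIONS = 100_000                 # constructed value for this example

  def initialize
    @rows = []
  end

  def register(email, password)
    salt = SecureRandom.random_bytes(16)
    @rows << { id: @rows.size + 1, email: email, salt: salt,
               hashed_password: digest(password, salt) }
    project(@rows.last) # the caller never receives the hash
  end

  # Default lookup: only the public columns leave the store.
  def find_by_email(email)
    row = @rows.find { |r| r[:email] == email }
    row && project(row)
  end

  # The only path that reads hashed_password; the field is dropped before returning.
  def authenticate(email, password)
    row = @rows.find { |r| r[:email] == email }
    return nil unless row
    return nil unless secure_equal?(row[:hashed_password], digest(password, row[:salt]))
    project(row)
  end

  private

  def project(row)
    row.slice(*PUBLIC_COLUMNS)
  end

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison of two digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With this shape, a user object that ends up in a session, a log line or a serialized response cannot carry the hash, because it was never attached to it.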