This repository has been archived by the owner on Nov 17, 2023. It is now read-only.
Agreed on the token. No reason for that and if being used from there, the logic has to be changed.
About the credit card in the database, it could be encrypted. Might do it in the future.
But, we clearly say in the disclaimer that this is NOT a reference for eCommerce, just a reference/sample to learn about Microservices Architecture and Docker containers.
There are many more areas that are not production ready for eCommerce, not even feature complete from a business perspective. We are not building a product, just a sample with complexity enough for a Microservices Architecture.
We can improve the security area A LOT. There are many more issues in security and that is one of the reasons why this is not production ready, just a sample to learn Microservices approaches.
We'll continue improving it, probably these points will be fixed and other areas in security, but still, this is not an "open source production ready product" but just a sample.
CESARDELATORRE changed the title from "Card number and security code stored in plain text... and in token" to "[Feature] Card number and security code stored in plain text... and in token" on Nov 17, 2017
"...It is just a bootstrap for developers to easily get started in the world of Docker containers and microservices with .NET Core."
People WILL use this for prod, or as a reference..... guaranteed.
Is this a good idea?
Absolutely no reason to store it as plain text, or at all, definitely not to store it in the token which is sent to every service!
Might also want to remove that backdoor bypass-auth middleware!
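A check for the token half of this report, as an added example that is not part of the issue thread or the repository's code: it decodes the claims of an issued token and flags values that look like a card number (Luhn checksum) or a security code. It assumes a JWT-format token; the claim names and both sample tokens are constructed for illustration.

```python
import base64
import json
import re

CVV_NAMES = re.compile(r"(cvv|cvc|security.?(number|code))", re.I)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def decode_payload(token: str) -> dict:
    """Decode the payload of a JWT-format token without verifying it (audit use only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def find_card_data(claims: dict) -> list:
    """Return (claim, reason) pairs for claims that look like card data."""
    findings = []
    for name, value in claims.items():
        text = re.sub(r"[ -]", "", str(value))
        if text.isdigit() and 13 <= len(text) <= 19 and luhn_ok(text):
            findings.append((name, "card number"))
        elif CVV_NAMES.search(name) and text.isdigit() and len(text) in (3, 4):
            findings.append((name, "security code"))
    return findings


def make_token(claims: dict) -> str:
    """Build an unsigned JWT-shaped token for the constructed samples below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed samples with assumed claim names; 4111111111111111 is a common test card number.
LEAKY = make_token({"sub": "u1", "card_number": "4111 1111 1111 1111", "card_security_number": "123"})
CLEAN = make_token({"sub": "u1", "card_last4": "1111"})

if __name__ == "__main__":
    print([find_card_data(decode_payload(t)) for t in (LEAKY, CLEAN)])
```

Run against tokens captured in an integration test, a non-empty result is a failure: every service that receives the token can read those claims.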