[Security Flaw] Tokens saved to Database in cleartext are vulnerable to attack #55

Open
falansari opened this issue Nov 16, 2017 · 2 comments

Comments

@falansari
Contributor

Just like we hash and salt our users' passwords, the same treatment should be applied to the social accounts' tokens, as they have the same vulnerabilities as cleartext passwords. A sniffed out token from traffic, including an expired one, can easily give a malicious individual the user's social account's password and id.

@sevilayha I'd be happy to make a PR for this, unless you have better plans for it 😀

@chris-sev
Member

@fatima-alansari Good call. A PR would be great. Thank you

@falansari
Contributor Author

Update: Sorry for the delay, things have been too hectic with my project. Will have the time to do this next week.
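
The approach proposed in the opening comment, storing a salted hash in place of the cleartext token, sketched as an added example (not code from this project or from the issue's participants). The `social_accounts` table, its columns, the PBKDF2 work factor and the sample values are assumptions made for the illustration; it applies where the application only has to check a presented token against the stored one.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)


def open_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical social_accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE social_accounts ("
        "user_id INTEGER, provider TEXT, token_salt BLOB, token_digest BLOB, "
        "PRIMARY KEY (user_id, provider))"
    )
    return conn


def _digest(token: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", token.encode("utf-8"), salt, ITERATIONS)


def store_token(conn, user_id: int, provider: str, token: str) -> None:
    """Store only a per-row random salt and the salted digest, never the token."""
    salt = secrets.token_bytes(16)
    conn.execute(
        "INSERT OR REPLACE INTO social_accounts VALUES (?, ?, ?, ?)",
        (user_id, provider, salt, _digest(token, salt)),
    )


def verify_token(conn, user_id: int, provider: str, presented: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    row = conn.execute(
        "SELECT token_salt, token_digest FROM social_accounts "
        "WHERE user_id = ? AND provider = ?",
        (user_id, provider),
    ).fetchone()
    if row is None:
        # Unknown account: still do the hashing work so timing does not reveal it.
        _digest(presented, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(_digest(presented, salt), stored)


def dump_rows(conn) -> list:
    """What someone reading the table directly would see."""
    return conn.execute("SELECT * FROM social_accounts").fetchall()
```

A digest is one-way, so a token the application has to send back to the provider cannot be stored this way and needs reversible encryption with a key held outside the database instead.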
