Comment on [deleted]
DoPeopleLookHere@sh.itjust.works 1 day agoAlso since you complained no one looked at your code, you have support for plain text passwords in your code. That’s a huge no no.
Comment on [deleted]
DoPeopleLookHere@sh.itjust.works 1 day agoAlso since you complained no one looked at your code, you have support for plain text passwords in your code. That’s a huge no no.
TechSquidTV@lemmy.world 1 day ago
Thanks for looking. Make a pr.
DoPeopleLookHere@sh.itjust.works 1 day ago
Why the fuck would I when your this hostile?
TechSquidTV@lemmy.world 18 hours ago
Suspiciously quiet after being proven wrong
TechSquidTV@lemmy.world 1 day ago
github.com/TechSquidTV/Hermes/blob/…/security.py
Well I think you lied. Only password hashes are stored and verified using bcrypt. I want to see the issue you claim to have found. So, where did you see this security issue you claim I have a responsibility to fix?
Here’s the test that proves user’s are registered with a hash. github.com/TechSquidTV/Hermes/blob/…/conftest.py#…
the user model in the database doesn’t even have a password field: github.com/TechSquidTV/Hermes/blob/…/models.py#L2…
So please, what am I missing?