added web and super cool login #2
Conversation
Jamesflynn1
left a comment
Jamesflynn1
left a comment
There was a problem hiding this comment.
"swordf1sh" is a hard coded and visible password in the Javascript function
Solution: Add server side authentication calls.
Store usernames/passwords securely server side in a database
Can access /welcome.html directly
Solution: Ensure user authentication before accessing the page.
Can login without being a user
Solution: Require a username to be entered.
Can access "Other stuff that we don't want the world to have access to"
Solution: Display this page only if the authenticated user has the required (admin) role.
There was a problem hiding this comment.
Issue:
Password is hard coded into the website, leaving it exposed
Solution:
Use a secure database
Issue:
User doesn't have to be registered to log in
Solution:
Require a username with a respective password to log in
Issue:
Can bypass the login by accessing welcome.html
Solution:
Require a log in to access the page
cwsbowe
left a comment
cwsbowe
left a comment
There was a problem hiding this comment.
Can view the password "sword1sh" by inspecting the page. This can be addressed by using server-side authentication and storing user information in a secure database.
Does not require a username to log in, simply the password. Each user should have a unique username password combination stored in a database.
Can simply access the url /welcome.html which should require authentication
I made this super cool secret area can someone give it a look over and make sure its all right thanks xooo
theres also a really coool preview here https://koalabotuk.github.io/pr-for-we/