Login HTTP endpoint is insecure #38
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently there is not a check done against the database to validate that the user credentials sent with the request to the /api/login HTTP endpoint is valid. Below is a list of ways to secure the login HTTP endpoint: