Comments (2)
I totally agree, a token of random unique ID type might be a better choice. The username should not be sent with the email either. In case that password-reset email got into the hands of a malicious hacker, he will be able to change the password, and with the username, he can log in and really steal your account.
from node-login.
The password reset link now contains a single-use UUID to look up the user's account and validates against the user's last recorded IP address.
from node-login.
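The single-use reset link discussed in the two comments above, sketched as an added example (not node-login's own code). The in-memory `Map`, the 15-minute lifetime, hashing the token at rest, the `example.invalid` URL and all function names are assumptions made for illustration.

```javascript
// Added example: single-use, expiring password-reset tokens (hypothetical names).
const { randomUUID, createHash } = require('node:crypto');

const RESET_TTL_MS = 15 * 60 * 1000; // assumed lifetime; the thread does not state one
// sha256(token) -> { userId, ip, expires }; stands in for a database collection
const resetTokens = new Map();

// Store only a digest so a leaked token table cannot be replayed as reset links.
const digest = (token) => createHash('sha256').update(token).digest('hex');

function issueResetToken(user, now = Date.now()) {
  // A new request invalidates any older outstanding token for the same account.
  for (const [key, entry] of resetTokens) {
    if (entry.userId === user.id) resetTokens.delete(key);
  }
  const token = randomUUID(); // version 4 UUID drawn from the platform CSPRNG
  resetTokens.set(digest(token), {
    userId: user.id,
    ip: user.lastIp, // last recorded IP, as described in the comment above
    expires: now + RESET_TTL_MS,
  });
  return token;
}

function buildResetEmail(user, token) {
  // The link carries only the opaque token: no username, no email, no password hash.
  return {
    to: user.email,
    body: `Reset your password: https://example.invalid/reset-password?token=${token}`,
  };
}

function redeemResetToken(token, requestIp, now = Date.now()) {
  const key = digest(String(token));
  const entry = resetTokens.get(key);
  if (!entry) return null; // unknown or already used
  resetTokens.delete(key); // consumed on first presentation, success or not
  if (now > entry.expires) return null; // expired
  if (requestIp !== entry.ip) return null; // not the last recorded IP
  return entry.userId; // caller may now accept a new password for this account
}
```

Because the token is consumed on its first presentation, a forwarded or intercepted email that has already been used returns `null` instead of a user id.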