cherrytomaten / getoutside_backend
Backend repo for the GetOutside project created by team Cherrytomaten
Home Page: https://cherrytomaten.herokuapp.com/
License: MIT License
User IDs should not be assigned consecutively, as this is a big security concern.
Why is exposing the PK bad?
By their nature, auto-incremented primary keys grow by one for each new entry. This is great for avoiding collisions, but it means that they are easily guessable. If you somehow find out that a user with the ID 27 exists, it most probably means that there are at least 26 other users with IDs 1 to 26. An attacker can try to exploit this by sending requests with different IDs. Furthermore, since the administrator is usually the first user registered, an attacker can easily guess the ID and try to get access.
There were also many reports, even on high-profile sites, where a full or partial dump of the contents could be done by simply incrementing the ID. This is how Parler data was exposed, for example. Other such attacks are rather easy to find, so exposing the internal ID is bad practice. You can still use an auto-incremented primary key internally and use it for all foreign keys as well, but whenever it is sent externally, an alternative must be found.
If this isn't too much work, I would recommend using UUIDs instead.
https://cherrytomaten.herokuapp.com/authentication/user/create/
Attempt to register a user that already exists.
403 Server response
500 Internal Server Error
duplicate key value violates unique constraint "authentication_customuser_username_key"
DETAIL: Key (username)=(testUser99) already exists.
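The two issues above describe one design and one failure: the exposed identifier should be a random UUID rather than the sequential primary key, and a duplicate username should come back as a client error instead of an unhandled unique-constraint exception (the 500). The following is an added example and not the project's own code; it uses an in-memory SQLite table, a constructed schema (`customuser` with `id`, `public_id`, `username`) and hypothetical `create_user`/`get_user` functions to show both points together: the integer primary key never leaves the server, and the constraint violation is mapped to a 409.

```python
import sqlite3
import uuid
from typing import Dict, Tuple

# Constructed in-memory schema (not the project's real model): the internal
# auto-increment primary key stays server-side and is used for joins, while a
# random UUID is the only identifier that is ever sent to clients.
SCHEMA = """
CREATE TABLE customuser (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    public_id TEXT    NOT NULL UNIQUE,
    username  TEXT    NOT NULL UNIQUE
);
"""

# (status code, JSON-like body) pair standing in for an HTTP response
Response = Tuple[int, Dict[str, str]]


def open_db() -> sqlite3.Connection:
    """Create a fresh in-memory database with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def is_valid_public_id(value: str) -> bool:
    """Accept only well-formed UUID strings; '27'-style numeric ids are rejected."""
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def create_user(conn: sqlite3.Connection, username: str) -> Response:
    """Insert a user and map a unique-constraint violation to 409 instead of 500."""
    public_id = str(uuid.uuid4())  # random, non-guessable external identifier
    try:
        with conn:  # commits on success, rolls back and re-raises on error
            conn.execute(
                "INSERT INTO customuser (public_id, username) VALUES (?, ?)",
                (public_id, username),
            )
    except sqlite3.IntegrityError:
        # Same condition as the reported "duplicate key value violates unique
        # constraint" crash, now surfaced as a client error.
        return 409, {"error": "username already taken"}
    # The internal integer primary key is deliberately absent from the body.
    return 201, {"id": public_id, "username": username}


def get_user(conn: sqlite3.Connection, public_id: str) -> Response:
    """Look a user up by public UUID only; the sequential id is never a key here."""
    if not is_valid_public_id(public_id):
        return 404, {"error": "not found"}
    row = conn.execute(
        "SELECT public_id, username FROM customuser WHERE public_id = ?",
        (public_id,),
    ).fetchone()
    if row is None:
        return 404, {"error": "not found"}
    return 200, {"id": row[0], "username": row[1]}


if __name__ == "__main__":
    db = open_db()
    print(create_user(db, "testUser99"))  # 201 with a random UUID as "id"
    print(create_user(db, "testUser99"))  # 409 rather than a 500
    print(get_user(db, "27"))             # 404: numeric ids are not accepted
```

The foreign keys and joins inside the database can keep using the integer `id`; only serialisation and URL routing switch to `public_id`, which is the split the first issue suggests. Validating the identifier shape before the query also means a client sending integers gets a uniform 404 with no hint about how many rows exist.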