You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a API designer, I need to be reminded that a password should never ever ever be returned from an API in any situation, hashed or otherwise, so I can avoid turning up in one of Troy Hunts blog posts.
During my 14 years at Pfizer, I once reviewed an iOS app built for us by a low-cost off-shored development shop. I proxied the app through Fiddler, watched the requests and found an API that was returning every user record in the system and for each user, their corresponding password in plain text. When quizzing the developers about this design decision, their response was - and I kid you not, this isn't made up - "don't worry, our users don't use Fiddler" 🤦♂️
I cannot think of any reason ever to return any user's hashed password to an y interface, including an appropriately auth'd one where only the user themselves would receive it. https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/
Acceptance Criteria
We could add a rule which says any field called password or password_* should be writeOnly: true.
The text was updated successfully, but these errors were encountered:
User Story Description
As a API designer, I need to be reminded that a password should never ever ever be returned from an API in any situation, hashed or otherwise, so I can avoid turning up in one of Troy Hunts blog posts.
Acceptance Criteria
We could add a rule which says any field called password or password_* should be
writeOnly: true.The text was updated successfully, but these errors were encountered: