Discussion on: Developers Dilemma - Storing Passwords

Baptiste Laget • Edited

I believe passwords are the tip of the iceberg, and are a problem only because a password leads to systems & data.

Sure, if you don't store the password, there is less chance that it's compromised, but that doesn't reduce at all the risk of a data leak from other components of your app, including what can still be personal information, or confidential information.

You might not be the one to leak the user password (which, let's face it, they probably used everywhere), but you can still leak a lot of data and get blamed for it.

A.J. Romaniello

Thank you for your comments. Between you and Bailey I think I've decided to just buckle up and handle my own data and ensure it is secure.

I like what you said about how "they probably used everywhere", because this is kind of my original thought on the matter. If they have a very weak password for an OAuth application this could make it less secure, and vice versa.

I believe the best way to solve this is just by making sure the database is secure and rather not leave it up to a third party provider for authentication.