"I set him a new one manually"

If I read that, I am always afraid that security is breached by not hashing and salting the passwords; please tell me you do that, though. Additionally, while I agree it offers more flexibility by using no framework, you do sacrifice the built-in security components in frameworks, such as CSRF and session hijacking. Even when you use a framework, you do have to be wary about security. For instance, a lot of frameworks do not throttle requests, which could result in brute force attacks and such.
I really like to work with security concepts, so that is why this comment is so security oriented.
I work as CPO for a Swiss Telco/Messaging Platform Company.
My real passion is developing in Golang, Vue-Nuxt/ReactJS/Angular with Redis, Nsq/RabbitMQ, ArangoDB, MongoDB and SQL.
Thanks for your comment, Wesley.

Well, my post or way of doing this kind of project is not about sacrificing security needs. I would say that having a PW Reset Flow does not mean that things are more secure, with or without a framework. Of course, always having in mind that e.g. saving a PW needs some hashing and salting, as you 100% correctly said. Don't worry, I never would save a PW without that, manually or implemented. :-)
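The two points raised in the comment above, salted password hashing and throttling of login attempts so that brute forcing is not free, can be shown together in a few dozen lines. The following is an added example, not code from the post or from either commenter; it uses only the Python standard library (PBKDF2-HMAC-SHA256 with a per-password random salt, a constant-time compare, and a per-account sliding-window limiter). The iteration count, the window size, the `attempt_login` helper and the in-memory user store are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict, List, Optional

# Work-factor parameters; assumed values chosen for this example.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salt and hash a password; returns 'pbkdf2_sha256$<iter>$<salt hex>$<hash hex>'.

    The record carries its own salt and iteration count, so the work factor
    can be raised later without breaking verification of older records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


class LoginThrottle:
    """Sliding-window limiter: once max_failures failed attempts fall inside
    window_seconds, further attempts for that account are refused."""

    def __init__(self, max_failures: int = 5, window_seconds: int = 300,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock  # injectable so tests can control time
        self._failures: Dict[str, List[float]] = {}

    def _recent(self, account: str) -> List[float]:
        now = self.clock()
        kept = [t for t in self._failures.get(account, []) if now - t < self.window]
        self._failures[account] = kept
        return kept

    def allowed(self, account: str) -> bool:
        return len(self._recent(account)) < self.max_failures

    def record_failure(self, account: str) -> None:
        self._recent(account).append(self.clock())

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


# Hashed once so that unknown accounts still cost a full PBKDF2 run;
# otherwise response time would reveal which accounts exist.
DUMMY_RECORD = hash_password("not-a-real-password")


def attempt_login(store: Dict[str, str], throttle: LoginThrottle,
                  account: str, password: str) -> str:
    """Returns 'locked', 'ok' or 'denied'. store maps account -> hash record."""
    if not throttle.allowed(account):
        return "locked"
    record = store.get(account, DUMMY_RECORD)
    ok = verify_password(password, record) and account in store
    if ok:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"


if __name__ == "__main__":
    # Constructed sample store: one user with a freshly hashed password.
    users = {"alice": hash_password("correct horse battery staple")}
    throttle = LoginThrottle(max_failures=3, window_seconds=60)
    for guess in ["pass1", "pass2", "pass3", "correct horse battery staple"]:
        print(guess, "->", attempt_login(users, throttle, "alice", guess))
```

The record format stores the salt and iteration count next to the hash, which is what lets the work factor be raised later without resetting everyone's password. The throttle keys on the account name; in a real deployment you would usually also limit per source address and back the counters with Redis or similar rather than a process-local dict.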