Discussion on: Node.js Express Login example with PostgreSQL

Justin Gross

We need to stop teaching people it's OK to roll their own identity. I've seen so many of these tutorials/articles lately. These kinds of posts should be hedged with a disclaimer like "not in production" or "for learning only" because this is exactly the kind of thing that will result in the building of wildly insecure applications and websites. Getting auth wrong hurts users. Teaching people to roll your own auth hurts developers and users. It's very closely related to people following Stack Overflow posts (by follow I mean copy pasta) where those posts are a "make it do a thing" answer and not a "do it right, how you would do it in production" answer.