
Update main.java

Open websecnl opened this issue 1 year ago • 2 comments

This is how utilizing OpenAI GPT-4 for code review would solve it. Good enough? What do you think?

websecnl, Jan 19 '24 17:01

This is just to show a potential patch, do not actually merge this :P

websecnl, Jan 19 '24 17:01

Lol didn't expect someone to submit a merge request.

Love ChatGPT's solution for the admin endpoint. So if I provide 'username=admin', then I can retrieve admin functionality? That's not how it works :D.

Regarding the password hashing: Bcrypt is a good solution. However, I'm not convinced about simply using BCryptPasswordEncoder.encode() (I honestly don't know if this is solid - would have to research it). I'm wary because it doesn't provide, e.g., a work factor, which is fundamental for password hashing.

You will find my recommendation on my LinkedIn in a few days :).

dub-flow, Jan 19 '24 19:01
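
An added example on the work-factor question raised in the comment above (not part of the thread or the project's code): Spring Security's `BCryptPasswordEncoder` takes an optional strength argument (default 10), and the cost is stored inside each hash, so it can be audited and raised over time. The class name, `MIN_COST` policy value and sample password are assumptions made for this example.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptWorkFactorDemo {
    // Assumed policy value for this example; tune it to your own hardware.
    private static final int MIN_COST = 12;

    /** Reads the cost out of a bcrypt hash of the form $2a$NN$<salt+digest>. */
    static int costOf(String hash) {
        String[] parts = hash.split("\\$");   // ["", "2a", "NN", "<salt+digest>"]
        if (parts.length != 4 || !parts[1].matches("2[abxy]?")) {
            throw new IllegalArgumentException("not a bcrypt hash");
        }
        return Integer.parseInt(parts[2]);
    }

    /** True when a stored hash was created below the current policy cost. */
    static boolean needsRehash(String storedHash) {
        return costOf(storedHash) < MIN_COST;
    }

    static long millisToEncode(BCryptPasswordEncoder encoder, String password) {
        long start = System.nanoTime();
        encoder.encode(password);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        String password = "constructed-sample-password"; // constructed input

        BCryptPasswordEncoder defaults = new BCryptPasswordEncoder();          // strength 10
        BCryptPasswordEncoder hardened = new BCryptPasswordEncoder(MIN_COST);  // explicit strength

        String oldHash = defaults.encode(password);
        String newHash = hardened.encode(password);
        System.out.println("default cost:  " + costOf(oldHash));
        System.out.println("explicit cost: " + costOf(newHash));

        // Verification uses the cost embedded in the hash, so the hardened
        // encoder still accepts hashes created with the lower default.
        System.out.println("old hash verifies: " + hardened.matches(password, oldHash));

        // After a successful login, re-encode and store hashes that are below policy.
        System.out.println("old hash needs rehash: " + needsRehash(oldHash));
        System.out.println("new hash needs rehash: " + needsRehash(newHash));

        // Each +1 in cost doubles the work; compare on your own hardware.
        System.out.println("ms at default:  " + millisToEncode(defaults, password));
        System.out.println("ms at MIN_COST: " + millisToEncode(hardened, password));
    }
}
```

Running it requires `spring-security-crypto` on the classpath.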