Auth example in ChitChat

Open rambocoder opened this issue 10 years ago • 0 comments

Do you think it would be more educational to use http://stackoverflow.com/a/23259804 as an example of generating a hashed password and then comparing the password provided by chitchat user to the previously hashed password here https://github.com/sausheong/gwp/blob/master/Chapter_2_Go_ChitChat/chitchat/route_auth.go#L48

Another suggestion, could you add CSRF protection to the ChitChat example or at least address it in the book somewhere (preferably session based one: CSRF token from the form's POST value or HTTP request's CSRF header value, has to match CSRF token in the session store)

This way basic security protection is covered.

Apr 20 '15 20:04 rambocoder