ci-secure-api

weak implementation of validation

Open mckaygerhard opened this issue 1 year ago • 0 comments

this repository overcomplicated the mechanism.. all the real validation is done using helper input check event real class check over model.. this is done in the line https://github.com/yemiwebby/ci-secure-api/blob/85aa0da269c009791b2e55a35fe9aabee78a468c/app/Controllers/Auth.php#L53 using the custom user rule for the password input.. a weak way to implement the check.. https://github.com/yemiwebby/ci-secure-api/blob/85aa0da269c009791b2e55a35fe9aabee78a468c/app/Validation/UserRules.php#L10

so JWT really does not handle the check and only returns a key that can be hacked

mckaygerhard, Nov 20 '23 18:11