I absolutely agree. An even better structure wouldn’t have a raw password field on the user object at all.
I absolutely agree. An even better structure wouldn’t have a raw password field on the user object at all.
In addition to the excellent points made by steventhedev and koper:
user.password = await hashPassword(user.password);
Just this one line of code alone is wrong.
I don’t trust them first off, but even trusting them to not voluntarily disclose it doesn’t mean they won’t have a security breach and disclose it involuntarily. Also, the database has to be created and queried somehow; some employees and govt workers will be able to see what queries are made. Even trusting the business and the govt and the security of both, I don’t trust those random people having access to that info.
What evidence do you have to give the website that you are person X that they’re running the database query against? If that’s an ID there’s going to be some available online, or a kid can just sneak it from the parent. Everything I’ve heard proposed for the identification strategy is either grossly invasive or quite easy to step over.
I don’t believe that Canada will actually enforce this across all websites. If they do it on only the large/main ones, it makes it harder for kids to access the relatively safe and legal porn hosted on sites making effort to follow the law, and pushes them towards sites that aren’t making such an effort and therefore probably have more objectionable content.
He did! He did just diss the All Might Father, Emperor of Linux on Lemmy!