She was mostly looking for validation, since the guys in the group thought that hashing the passwords on an online banking application is waste of time, and the best way to handle login is to send the whole user database to the front-end so you can match the unhashed password to the correct account
Colleges should lower their limits for stabbing
I want to see how they’re managing sessions lmao. Like can I just send ‘true’ back from the front-end function to access any account?
Every user shares one single bearer token
deleted by creator
You could do that or just pick the unhashed password from everyone they conveniently send to you (it’s encrypted in the DB so it’s secured)