
There's only one weakness specifically identified that I can see.

    print("new user", username, password)

Yeah, not best practice, but also pretty common for development if you wanted to check that everything is being passed to the correct function.


I don't know if it still does it, but it used to be that if you did something like

  NonQueryResult StoreUser(User user) {
   var sql = "INSERT...

It would use string interpolation to fill out the properties.


Not best practice? That's a very generous way to describe storing plaintext passwords in logs. I've seen this in the wild too but that's no excuse.


> I've seen this in the wild too but that's no excuse.

See, the LLM also saw it in the wild...


That is the CWE that they identify, but the code seems to store the apparently unhashed password in the database on top of that?
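
A hardened version of the registration step this thread discusses, as an added example that is not part of any comment or of the code under discussion: the log line omits the password, the database gets a salted scrypt hash instead of the plaintext, and the insert uses bound parameters rather than string interpolation. The table layout, function names, logger name and scrypt parameters are assumptions.

```python
import hashlib
import hmac
import io
import logging
import os
import sqlite3

log = logging.getLogger("signup")  # hypothetical logger name


def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt: memory-hard KDF from the standard library (parameters are assumptions).
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def create_user(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user
    # Bound parameters instead of string interpolation into the SQL text.
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )
    log.info("new user %r", username)  # the password never reaches the log


def verify_user(db: sqlite3.Connection, username: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, expected = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), expected)


def demo():
    """Register one constructed user; return (captured log text, db)."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    create_user(db, "alice", "correct horse battery staple")  # constructed sample
    log.removeHandler(handler)
    return buf.getvalue(), db
```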



