Would it be a security issue adding hashedPassword to getUserAttributes #1509

rwieruch · 2024-03-24T12:35:12Z

rwieruch
Mar 24, 2024

	getUserAttributes: (attributes) => {
		return {
			hashedPassword: attributes.hashed_password,
			email: attributes.email
		};
	}

Answered by pilcrowonpaper

I would avoid doing that. You can leak user password hashes if you have an endpoint that returns the entire user object (worse if it's public)

pilcrowonpaper · 2024-03-25T00:08:51Z

I would avoid doing that. You can leak user password hashes if you have an endpoint that returns the entire user object (worse if it's public)

1 reply

That's what I thought. Thanks!