by wolttam 167 days ago
I suggest updating the login form's "query" to:

  SELECT token, user_id FROM users
  WHERE username = '____'
  AND password = HASH('____')
  -- Or maybe: AND password_verify(password, '____')
  LIMIT 1;
I assume you are already hashing passwords, but the current login form's 'UI query' is enough to raise questions.
1 comments

Sounds good. I'm currently offline, due to migration to a different env. But I'll add this.
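
Added example, not part of the thread or the site's own code: one way the `password_verify`-style check suggested above can look on the server side, with the username bound as a query parameter and the password compared as a salted hash. The table layout, the sample user, the PBKDF2 iteration count and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted PBKDF2-HMAC-SHA256 hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db() -> sqlite3.Connection:
    """In-memory users table holding one constructed sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
        " salt BLOB, password_hash BLOB, token TEXT)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users (username, salt, password_hash, token) VALUES (?, ?, ?, ?)",
        ("alice", salt, hash_password("correct horse", salt), "tok-alice"),
    )
    return conn


_DUMMY_SALT = os.urandom(16)  # used to do equal work for unknown usernames


def login(conn: sqlite3.Connection, username: str, password: str):
    """Return (token, user_id) on success, None otherwise."""
    # The username is bound as a parameter, never spliced into the SQL text.
    row = conn.execute(
        "SELECT token, user_id, salt, password_hash FROM users"
        " WHERE username = ? LIMIT 1",
        (username,),
    ).fetchone()
    if row is None:
        hash_password(password, _DUMMY_SALT)  # keep timing similar to a real check
        return None
    token, user_id, salt, stored = row
    # Constant-time comparison of the derived hash with the stored one.
    if hmac.compare_digest(hash_password(password, salt), stored):
        return token, user_id
    return None
```
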