Demonstrate proper security (do not use req.body directly)
glebec opened this issue · comments
boilermaker/server/auth/index.js
Line 24 in 43c4e85
Whatever we show students, they inevitably emulate in future projects – even when we explicitly state that it is an antipattern, there for education. Accordingly, I think we should extract the properties we want from `req.body` (or blacklist sensitive properties) rather than pass it directly to `.create`.
💯 ✖️ 💯
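An added example (not code from the boilermaker repository) of the extraction the issue proposes, next to the passthrough it warns about. `FakeUser`, its column list, the `isAdmin` field, and the helper names are assumptions made so the snippet runs without Express or an ORM.

```javascript
// Hypothetical stand-in for an ORM model: like a typical `.create`, it persists
// every attribute it is handed that matches a column (assumed schema below).
const COLUMNS = ['email', 'password', 'isAdmin', 'googleId'];
const FakeUser = {
  create(attrs) {
    const row = { isAdmin: false, googleId: null };
    for (const key of COLUMNS) {
      if (Object.prototype.hasOwnProperty.call(attrs, key)) row[key] = attrs[key];
    }
    return row;
  },
};

// Fields a signup client may set (assumed for this example).
const SIGNUP_FIELDS = ['email', 'password'];

// Copy only allowlisted own properties, and only when they are strings.
function pickSignupFields(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be a JSON object');
  }
  const out = {};
  for (const key of SIGNUP_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, key)) continue;
    if (typeof body[key] !== 'string') throw new TypeError(`${key} must be a string`);
    out[key] = body[key];
  }
  return out;
}

// The pattern the issue warns about: the whole body reaches the model.
function signupPassthrough(body) {
  return FakeUser.create(body);
}

// The pattern the issue asks for: extract the wanted properties first.
function signupAllowlisted(body) {
  return FakeUser.create(pickSignupFields(body));
}

// Constructed sample body, as a JSON body parser would hand it to the route.
const sampleBody = JSON.parse(
  '{"email":"cody@example.com","password":"pw","isAdmin":true,"googleId":"g-1"}'
);
console.log('passthrough:', signupPassthrough(sampleBody));
console.log('allowlisted:', signupAllowlisted(sampleBody));
```

An allowlist fails closed when a new sensitive column is added to the model later, whereas a blacklist has to be updated each time.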