User's password is saved to db directly without encryption
xzyaoi opened this issue · comments
Xiaozhe Yao commented
I'm using it with Vagrant and I fount it saved user's password without encryption.
Is it a bug?
Weiming Dong commented
@stevefermi yes. you are right. I will apply hashing algorithms like 'bcrypt' on the password and stores it
Weiming Dong commented
@stevefermi now the password has encrypted