strbean opened this issue 8 years ago · 0 comments
The back end delivers all data in the user table to the client. This includes password hashes, activation keys, etc.
Data sent should be checked against a whitelist of non-sensitive columns.
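
An added example, not code from this project, of the column allowlist the issue asks for: the query names only allowlisted columns, and a second filter runs at the serialization boundary. The table layout, column names and function names are assumptions, since the issue does not show the schema.

```python
import json
import sqlite3

# Assumed names: the issue does not give the schema, so this table is constructed.
PUBLIC_USER_COLUMNS = ("id", "username", "display_name")

def make_sample_db():
    """Build a constructed in-memory user table holding sensitive columns."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, display_name TEXT,"
        " email TEXT, password_hash TEXT, activation_key TEXT)"
    )
    conn.execute(
        "INSERT INTO user VALUES (1, 'alice', 'Alice', 'alice@example.test',"
        " 'constructed-hash', 'constructed-key')"
    )
    return conn

def fetch_public_users(conn):
    """Query only allowlisted columns, so sensitive ones never leave the database."""
    existing = {r["name"] for r in conn.execute("PRAGMA table_info(user)")}
    missing = set(PUBLIC_USER_COLUMNS) - existing
    if missing:
        # Fail closed if the allowlist and the schema drift apart.
        raise RuntimeError(f"allowlist names unknown columns: {sorted(missing)}")
    cols = ", ".join(f'"{c}"' for c in PUBLIC_USER_COLUMNS)
    return [dict(r) for r in conn.execute(f"SELECT {cols} FROM user")]

def to_public(record):
    """Second check at the serialization boundary for records fetched elsewhere."""
    return {k: record[k] for k in PUBLIC_USER_COLUMNS if k in record}

def render_response(conn):
    """Serialize the client-facing payload from allowlisted fields only."""
    return json.dumps([to_public(u) for u in fetch_public_users(conn)])

if __name__ == "__main__":
    print(render_response(make_sample_db()))
```

Because the allowlist names what may be sent instead of what must be hidden, a column added to the table later stays out of responses until someone adds it to `PUBLIC_USER_COLUMNS`.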