galenmaly/lighterpack

Passwords are stored in plain text

Closed this issue · 1 comments

From what I can tell looking at the code you are not encrypting the passwords but instead just storing them in plain text?

This is incorrect.

The app takes the somewhat unconventional approach of salting + hashing client-side so the server never sees the raw password. The server does not perform additional hashing before storing the hashed password received from the client.

The hashing function used is not the best and this has been switched to bcrypt in the Vue rewrite, if that launches.
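Added example, not part of the issue thread and not lighterpack's code: a Node.js sketch of the design the reply describes, where the server stores the client-computed hash unchanged, next to a variant where the server runs its own salted scrypt over the received value. It checks whether the value held in the database would itself be accepted at login. All names are hypothetical, and SHA-256 stands in for the client-side function, which the thread does not name.

```javascript
// Added example, not lighterpack code. All names here are hypothetical.
const nodeCrypto = require('node:crypto');

// Stand-in for the client-side step (assumption: the thread does not name the
// real function). The browser sends this value instead of the raw password.
function clientHash(username, password) {
  return nodeCrypto.createHash('sha256').update(username + ':' + password).digest();
}

// Constant-time comparison of two buffers of equal length.
function same(a, b) {
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Design described in the reply: store what the client sent, unchanged.
const storeAsReceived = {
  register(received) { return { stored: Buffer.from(received) }; },
  verify(record, received) { return same(record.stored, received); },
};

// Variant: the server treats the received value as the password and runs its
// own salted scrypt over it before storing.
const storeRehashed = {
  register(received) {
    const salt = nodeCrypto.randomBytes(16);
    return { salt, stored: nodeCrypto.scryptSync(received, salt, 32) };
  },
  verify(record, received) {
    return same(record.stored, nodeCrypto.scryptSync(received, record.salt, 32));
  },
};

// Does the value held in the database work as a login credential by itself?
function storedValueIsCredential(store, username, password) {
  const record = store.register(clientHash(username, password));
  return store.verify(record, record.stored);
}

// The legitimate login path must keep working in both designs.
function loginWorks(store, username, password) {
  const record = store.register(clientHash(username, password));
  return store.verify(record, clientHash(username, password));
}

// Constructed sample account.
console.log(storedValueIsCredential(storeAsReceived, 'hiker', 'correct horse')); // true
console.log(storedValueIsCredential(storeRehashed, 'hiker', 'correct horse'));   // false
```

With the server-side layer, the raw password still never reaches the server, and the stored record is no longer the value the login endpoint expects.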