Why is the password check done client side? It needs to be done server side. I can simply remove the password checks in the code, giving me access to everything. Despite the good attempt with the hash and salt, it doesn't do anything if I don't need it.
You are viewing a single comment. View All