forwardslash  ·  3898 days ago  ·  post: Hubski PSA: Reply-alerts and comment-alerts have been combined

It's definitely something we can look into, and something I plan to delve into especially around user authentication and authorization. Any ideas you had in mind?

YetAnotherAccount  ·  3898 days ago

You're hashing the password server-side, yes?

So hash it via two different methods (*) - one for the password check as usual, one that is used as an encryption key to unlock the person's history.

This doesn't prevent everything, but at least prevents (for example) someone from walking off with the database and automatically getting everyone's history.

(*) Or hash it with two different salts, probably simpler.
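
The two-salt variant from the comment above, as an added example (not part of the original thread and not Hubski's code). It assumes PBKDF2-HMAC-SHA256 from the Python standard library; the row layout, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

# Assumed example work factor; raise it as far as login latency allows.
ITERATIONS = 200_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow password-based derivation; the salt selects which value comes out."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(password: str) -> dict:
    """Build the database row for a new user (hypothetical layout)."""
    auth_salt = os.urandom(16)  # salt for the login check
    key_salt = os.urandom(16)   # independent salt for the history key
    return {
        "auth_salt": auth_salt,
        "key_salt": key_salt,
        "auth_hash": _derive(password, auth_salt),
        # The history key is deliberately not stored: a copied database
        # holds both salts and the login hash, but no decryption key.
    }


def login(row: dict, password: str):
    """Return the 32-byte history key on success, None on a wrong password."""
    candidate = _derive(password, row["auth_salt"])
    # Constant-time comparison of the login hash.
    if not hmac.compare_digest(candidate, row["auth_hash"]):
        return None
    # Re-derived on every login and kept only in the session's memory.
    return _derive(password, row["key_salt"])


if __name__ == "__main__":
    row = register("correct horse battery staple")  # constructed sample password
    key = login(row, "correct horse battery staple")
    print("history key derived:", key is not None)
    print("wrong password rejected:", login(row, "guess") is None)
```

The returned key would be handed to an authenticated cipher such as AES-GCM to encrypt the history, and a password change then means re-encrypting under the new key. The key is only as strong as the password, since an attacker holding the database can still guess passwords offline against `auth_hash`.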