
2
  • 1
+1 @jimbob gives you a few (and the list is not exhaustive at all) -- Said list was not intended to be exhaustive. I started by just describing the obvious CSRF vulnerability in the described part and then felt like adding a few other common things that popped to mind just in regard to authentication (ignoring things like XSS, LFI), as well as user access control, restricting access, secure generation of random tokens, weak or reused passwords, not logging passwords in plaintext in server logs, etc. Commented Apr 16, 2014 at 20:07
  • I'm OP. I appreciate the response very much; I added details in a comment to the question. I am not saying it would be easy to cover all issues; I am wondering whether using an existing library (say, passport.js for an Express.js server) is better than rolling my own. I guess my main thought is: security issues will have to be verified anyway; will it be much easier with a 3rd-party lib than by rolling my own? Commented Apr 17, 2014 at 9:54