Open

#376 Expose a user ID to the outside

WebsiteBugby @Ecconia1 year ago

Users on the website do have an ID which increments per user.

This ID can be get by querying the API of the website, or the auth API for the game.

-> IT IS GOOD TO HAVE AN ID (that never ever, like NEVER changes)! For non-name user banning on servers for example.

But that ID must not be the primary key of the DB user entry, since that allows attackers to more easily guess how to attack a certain user, or guess the amount of existing users.


0 comments