These are chat archives for systemaccounting/mxfactorial

16th
Sep 2016
Mike Klishevich
@klishevich
Sep 16 2016 04:10
ok thanks @hotay
Mike Klishevich
@klishevich
Sep 16 2016 05:12
Is it ok that we send plane password through http /account/auth req.body { username: 'lex', password: 'mypass123' }? Maybe better to md5 on client?
Mike Klishevich
@klishevich
Sep 16 2016 05:36
@hotay @mxfactorial I add getAccountByAccountName to transact/crud.js (same as it was in account.crud.js) https://github.com/klishevich/mxfactorial/blob/dev02/transact/crud.js#L33
But I do not think that additional db request is good, maybe we should save MD5 password after authentication on server and do not make additional request?
Nguyen Ho Tay
@hotay
Sep 16 2016 06:08
We are using HTTPS so no need to worry about it
For the second one, we had token validation om
*we need make an additional request to make sure username is unique
In transact case it's ok because we want to validate password
Nguyen Ho Tay
@hotay
Sep 16 2016 06:14
Can't do that without request db, store that info inside me in token is too risk
*json
Mike Klishevich
@klishevich
Sep 16 2016 10:54
OK, thanks