Add list of security holes

2017-04-06 21:20:23 +08:00 · 2017-04-06 21:20:23 +08:00 · d8b0554682
parent 3ed73167e8
commit d8b0554682
3 changed files with 7 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -27,3 +27,8 @@ A school event planner and timetable
 - [ ] Display events as calendar

 - [ ] Create sample data
+
+## Security Pitfalls 
+
+- Auth mechanism not verified
+- Succeptable to insecure direct object references
--- a/server/database.js
+++ b/server/database.js
@ -1,5 +1,6 @@
 import mysql from 'mysql';
 import semver from 'semver';
+
 import { fatal, getVersion } from './utils';
 import { NotFoundError } from './errors';

--- a/server/index.js
+++ b/server/index.js
@ -1,5 +1,6 @@
 import path from 'path';
 import express from 'express';
+
 import Database from './database';
 import API from './api';