6 lines
163 B
Plaintext
6 lines
163 B
Plaintext
bcrypt passwords
|
|
session management using proper random tokens
|
|
CSRF protection
|
|
input validation to avoid XSS and injection
|
|
only allow signup, login ecc over HTTPS
|