I might say
You should change your name to just lanky or lanksy before getting verified
So that there's no impersonation or anything
If you're get verified you can't change ur name
Bundle has all user information public here: https://replit.com/@lankybox02/bundle-api?v=1#auth.json
This is really bad. Firstly all tokens have to be hashed to be kept secure, which is very bad for performance, and yet all the hashes are still public. Secondly, having them hashed doesn’t mean they can’t be cracked, someone could run a script to crack these passwords pretty quickly.
This is basically a data breach, this information should not be public.
The real solution to this is to not use ReplIt. I know it may seem good because it’s free hosting, but user sensitive information such as password hashes should not be stored on there. Also if you use a better solution you can make it not hash tokens, making it perform a lot better.
I bought a database to use but my computer is broken and i won't be able to use it until roughly at the end of june
Well, just saying, having password and token hashes public is basically a data breach and you may be in breach of a few laws for data protection stuff.
For now, I’ll suggest you to temporarily disable login and sharing and do the usual data breach remediation protocol (things like notifying the users, storing the assets, or worse purging the account data)
For now I’ll just wish why I haven’t use Dot’s password.
Or use replit database instead of storing it in a public file, but that has a 50mb limit.
I’m sorry to hear that. My intentions of pointing out how insecure the database was, was not to get Bundle shut down. I hope you’re able to bring Bundle back one day.
how did mee6 get verified? do you remember?
its kinda weird because jeffalo says non of the mods did it