| ▲ | pinkgolem a day ago | |||||||
I am just puzzled why delifue calls something that, as far as I know is pretty standard across the industrie, bad practice | ||||||||
| ▲ | treve a day ago | parent | next [-] | |||||||
There's 2 cases being discussed. A UUIDv7 is a bad secret, but it's fine for many other ids. If I can guess your user id, it shouldn't really matter because your business logic should prevent me from doing anything with that information. If I can guess your password reset token it's a different story because I don't need anything else beyond that token to do damage. | ||||||||
| ▲ | nesarkvechnep a day ago | parent | prev [-] | |||||||
Because it is? | ||||||||
| ||||||||