To prevent unauthorized account access due to weak temporary passwords, which can be easily compromised.
defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  def create_temporary_password(conn, %{"username" => username}) do
    # Insecure: the same static, guessable value is issued to every user
    temporary_password = "password123"
    hashed_password = Comeonin.Bcrypt.hashpwsalt(temporary_password)
    # ... rest of the code
  end
end
In this insecure code, the application assigns a static, weak temporary password for all users who request it. This can lead to an attacker easily guessing the temporary password.
defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  def create_temporary_password(conn, %{"username" => username}) do
    # 12 bytes from the CSPRNG, base64-encoded, truncated to 12 characters
    # (12 base64 characters carry about 72 bits of entropy, far beyond guessing range)
    temporary_password = :crypto.strong_rand_bytes(12) |> Base.encode64() |> binary_part(0, 12)
    hashed_password = Comeonin.Bcrypt.hashpwsalt(temporary_password)
    # ... rest of the code
  end
end
In the secure code, the application generates a strong, random temporary password for each user request. This prevents an attacker from easily guessing the temporary password.
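The following module is an added example, not code from the original page: it shows the full lifecycle the secure snippet implies, generating the random password with the same `:crypto.strong_rand_bytes/1` source, storing only its bcrypt hash, and verifying it with an expiry check. It assumes the same `Comeonin.Bcrypt` API the page uses (`hashpwsalt/1`, `checkpw/2`, `dummy_checkpw/0`) and a hypothetical account map with `:temp_password_hash` and `:temp_password_expires_at` keys.

```elixir
defmodule MyAppWeb.TemporaryPassword do
  # Hypothetical helper module (added example). Assumes an account map with the
  # keys :temp_password_hash and :temp_password_expires_at.
  @random_bytes 12            # 96 bits of entropy from the CSPRNG
  @ttl_seconds 15 * 60        # assumed lifetime; temporary passwords should expire quickly

  # url_encode64 without padding keeps all 96 bits: 12 bytes -> 16 URL-safe
  # characters, so nothing has to be truncated (truncating a base64 string to
  # 12 characters, as in the page's snippet, keeps about 72 bits).
  def generate do
    :crypto.strong_rand_bytes(@random_bytes) |> Base.url_encode64(padding: false)
  end

  # Issue a temporary password: persist only the bcrypt hash and an expiry,
  # and hand the plaintext to the caller exactly once for delivery to the user.
  def issue(account) do
    plaintext = generate()

    updated = %{
      account
      | temp_password_hash: Comeonin.Bcrypt.hashpwsalt(plaintext),
        temp_password_expires_at: now() + @ttl_seconds
    }

    {plaintext, updated}
  end

  # Verify a candidate. The bcrypt comparison always runs before the expiry
  # check so that response time does not reveal which condition failed.
  def verify(%{temp_password_hash: hash, temp_password_expires_at: expires_at}, candidate)
      when is_binary(hash) and is_integer(expires_at) do
    matches? = Comeonin.Bcrypt.checkpw(candidate, hash)

    cond do
      now() > expires_at -> {:error, :expired}
      matches? -> :ok
      true -> {:error, :invalid}
    end
  end

  # No temporary password on file: run a dummy bcrypt check so the timing
  # matches the path above, then fail closed.
  def verify(_account, _candidate) do
    Comeonin.Bcrypt.dummy_checkpw()
    {:error, :invalid}
  end

  defp now, do: System.system_time(:second)
end
```

After a successful `verify/2` the caller should clear `:temp_password_hash` so the temporary password is single-use.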