I absolutely agree. An even better structure wouldn’t have a raw password field on the user object at all.

In addition to the excellent points made by steventhedev and koper:

user.password = await hashPassword(user.password);

Just this one line of code alone is wrong.

1. It’s unclear, but quite likely that the type has changed here. Even in a duck typed language this is hard to manage and often leads to bugs.
2. Even without a type change, you shouldn’t reuse an object member like this. Dramatically better to have password and hashed_password so that they never get mixed up. If you don’t want the raw password available after this point, zero it out or delete it.
3. All of these style considerations apply 4x as strongly when it’s a piece of code that’s important to the security of your service, which obviously hashing passwords is.

Zom 100 does this correctly, preserving and enhancing the tone of the series.

1. Get a flip phone or a phone that isn’t absurdly large.
2. Wear pants that fit. You might need elastic if you’re literally running.
3. Back pocket. 4 ???
4. Profit

Let’s not idolize ourselves as homewrecker

Wait, so they had time travel back then? Why don’t we have time travel anymore?

Why would they need a tossing after they had bridges 😳

You have a point there

Like a pizza fresh out the oven - gooey and even sticky on one side, crusty on the other

I don’t trust them first off, but even trusting them to not voluntarily disclose it doesn’t mean they won’t have a security breach and disclose it involuntarily. Also, the database has to be created and queried somehow; some employees and govt workers will be able to see what queries are made. Even trusting the business and the govt and the security of both, I don’t trust those random people having access to that info.

What evidence do you have to give the website that you are person X that they’re running the database query against? If that’s an ID there’s going to be some available online, or a kid can just sneak it from the parent. Everything I’ve heard proposed for the identification strategy is either grossly invasive or quite easy to step over.

I don’t believe that Canada will actually enforce this across all websites. If they do it on only the large/main ones, it makes it harder for kids to access the relatively safe and legal porn hosted on sites making effort to follow the law, and pushes them towards sites that aren’t making such an effort and therefore probably have more objectionable content.

I don’t eat lunch