Can a MongoDB Employee confirm this email confirmation script is legit?

SirSwagon_N_A · March 7, 2022, 4:06pm

A user commented a really helpful and simple approach to email confirmation, password resetting and more: Email Confirmation Script for User Authentication via Email Address - #8 by Sebastian_Gadzinski

I wonder if the code this user provided us with that links to this script: https://unpkg.com/realm-web@1.2.0/dist/bundle.iife.js is safe to work with, or does it contain any secury breaches that would, for example, allow third parties to read out a user’s freshly changed password?

Thanks in advance.

kevinadi · March 7, 2022, 11:55pm

Hi @SirSwagon_N_A

The URL there is the one that is used in Realm Web Quick Start (you can see it under the CDN tab). Specifically, it refers to version 1.2.0 of the SDK.

I would recommend using the latest version of the SDK instead by linking to https://unpkg.com/realm-web/dist/bundle.iife.js instead of using a specific version, as per the documentation page linked above.

Hope this helps.

Best regards
Kevin

system · March 12, 2022, 11:56pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.