Favour Idowu | cracker 🎭

1.8K posts


@favour_eng

A Creative Software Engineer 😵‍💫| Penetration tester | Dreaming Big - Taking actions | Building https://t.co/Ryxqohniau

Joined June 2023
1.1K Following, 312 Followers

Pinned Tweet
Favour Idowu | cracker 🎭@favour_eng·
I build scalable web-based applications for founders and businesses. What do you do?
Kath Korevec@simpsoka·
Gm. It’s my birthday today. Taking the day to enjoy this. Hope y’all have a good day!!
Framer@framer·
Who needs some followers? Drop your @framer community profile below so everyone knows who you are!
Favour Idowu | cracker 🎭 retweeted
Favour Idowu | cracker 🎭@favour_eng·
I'm tired of getting 3 likes, man. I need brothers and sisters in tech, AI, startups, marketing, distribution and vibecoding to come to my rescue. Let's connect.
Favour Idowu | cracker 🎭 retweeted
Favour Idowu | cracker 🎭
Bro, confidence is almost everything. You might be smart, but the person with confidence will always beat you…
Favour Idowu | cracker 🎭 retweeted
Favour Idowu | cracker 🎭
If you are certain that a day will come when millions use your solutions, quote this with what you are building. #connect
Favour Idowu | cracker 🎭
Now that AI can build and ship features in a few seconds, it's really hard to keep things simple.
Katie Paxton-Fear@InsiderPhD·
You’ll never guess what my favourite display technology is
Marques Brownlee@MKBHD·
NEW VIDEO - Adding a touchscreen to the Macbook Pro to feel what it would be like when the rumored Ultra finally does come out: youtu.be/WOzcFkld6_g
Elon Musk@elonmusk·
It is humbling to consider that if we harness just 1 millionth of the Sun’s power for AI, that will be much more than a million times the intelligence of all of humanity
Chisom Nwokwu🌟@tech_queen·
SpaceX is acquiring Cursor for $60B🤯
Favour Idowu | cracker 🎭
Spent way longer than I’d like to admit debugging a CORS error on Pyramid School’s backend. Turns out it wasn’t Flask at all, it was how Vercel was proxying requests to Render. Fixed now. Onward 🚀
Favour Idowu | cracker 🎭 retweeted
Abdulkadir | Cybersecurity
Every developer has written something like this at least once. Here is why it should never reach production.

1. No authentication or token verification
This is the most critical one. Anyone who knows or guesses a valid email address can reset that user’s password to anything they want. There is no reset token, no email verification step, no proof that the person making the request actually owns the account. You just send an email and a new password in a POST request and you own the account. That is not a password reset flow. That is an account takeover endpoint.

2. Password stored in plaintext
The newPassword value goes directly into db.updatePassword with zero processing. No hashing. No salting. The password lands in the database exactly as the user typed it. If that database is ever breached, every single user’s password is immediately readable in plain text.

3. No input validation
There is no check on what newPassword actually contains. Empty string, a single character, null, a 10,000 character payload. All of it goes straight to the database. No length requirements, no complexity checks, nothing.

4. No rate limiting
This endpoint accepts unlimited requests with no throttling or lockout mechanism. Combine this with vulnerability one and you have an endpoint that can be automated to take over accounts at scale.

5. User enumeration
The endpoint only responds when a user exists. Silence on a non-existent email tells an attacker exactly which addresses are registered accounts. That information has real value in targeted attacks.

Five vulnerabilities. Twelve lines of code. This is what happens when security is an afterthought.
Exploit-Forge @ExploitforgeLTD (quoted post):
How many vulnerabilities can you spot in this code?