API information leakage

One-sentence description

Some private information is leaked from the database through the API.

Why?

When the ThaliApp requests events information from the website, private information is revealed. For example, the registration dates of every participant of an event and their member ids.

Current implementation

When querying the API, data is returned that is private and seemingly unnecessary.

Desired implementation

The API should only return necessary data.

Edited Jun 25, 2017 by Joren Vrancken

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information