API information leakage
One-sentence description
Some private information is leaked from the database through the API.
Why?
When the ThaliApp requests events information from the website, private information is revealed. For example, the registration dates of every participant of an event and their member ids.
Current implementation
When querying the API, data is returned that is private and seemingly unnecessary.
Desired implementation
The API should only return necessary data.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information