Currently, anyone can access anybody's account on MOPHY-lite by knowing the end-user's "hosting_client_key", which can be easily done by brute forcing numbers 0 through 999,999: https://github.com/NXTS-Developers/MOFHY-Lite/issues/53
However, what if you change the code, so that when the end-user signs up, the "hosting_client_key" doesn't generate numbers 0 through 999,999, but instead uses a combination of numbers and letters? This makes it much harder to brute force.
Or will doing this break something? (My apologies if this is the stupidest idea ever)
While this is probably not the most ideal solution, it is at least a somewhat efficient way of dealing with the problem, until an actual fix is made.