Re: Can someone please explain
Easy and also why passwords are still stored in clear.
1) Thing gets built yonks ago.
2) Time moves on, front end (customer facing bit) gets updated with more gloss.
3) SQL injection vuln / lack of hashed passwords / etc. gets spotted by techy types who raise issue.
4) Project types ask which business unit is sponsoring / paying for costly changes to fix.
5) Nobody on the business side will pay for changes as it's not their problem / has no business benefit and the changes get descoped from this update.
Repeat 3 through 5 ad infinitum.
A known side effect of the "start with the business case" approach to software development is that technical and security fixes never get done, as the only people that give a shit about this sort of thing have no budget to make the changes.