Not wanting to belittle the IT profession in any way - I'm genuinely interested in people's perception here - but would this really be considered as IT?
5 posts • joined 15 Jul 2009
Ugh - there should be laws against systems that store people's passwords in such an insecure manner. Rather than store the passwords, a secure hash of the password should be stored instead. If, at login, I can produce a password that results in the same digest as the one stored in the database then access is granted. At worst, an SQL injection attack would result in the database spewing out a load of hash values.
OK, so someone could still calculate a hash of "12345" and see whose username matches it, but at least those with relatively obscure passwords would still be afforded some additional protection.
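The scheme described in the comment above, as an added example that is not part of the original post: a plain digest stored per user, next to a per-user salted PBKDF2 hash, which goes beyond what the comment proposes. The user names, passwords and iteration count are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your login latency budget


def unsalted_digest(password: str) -> str:
    """Plain digest as in the comment: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def users_sharing_digest(table: dict[str, str], password: str) -> list[str]:
    """Audit helper: accounts in an unsalted table whose digest equals one password's."""
    target = unsalted_digest(password)
    return sorted(user for user, digest in table.items() if digest == target)


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted, deliberately slow hash; store both the salt and the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    plain = {"alice": "12345", "bob": "12345", "carol": "x9!Lm-rT"}
    unsalted = {user: unsalted_digest(pw) for user, pw in plain.items()}
    print("same unsalted digest:", users_sharing_digest(unsalted, "12345"))

    salted = {user: hash_password(pw) for user, pw in plain.items()}
    print("alice and bob digests equal:", salted["alice"][1] == salted["bob"][1])
    print("alice login ok:", verify_password("12345", *salted["alice"]))
```

With per-user salts, two accounts with the same password no longer share a stored value, so one computed digest cannot be matched against the whole table at once.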