<pedrocorreia.net ⁄>
 

<Never store passwords in a database! ⁄ >




2006-12-16


Recently, the folks behind Reddit.com confessed that a backup copy of their database had been stolen. Later, spez, one of the Reddit developers, confirmed that the database contained password information for Reddit's users, and that the information was stored as plain, unprotected text. In other words, once the thief had the database, he had everyone's passwords as well.

Had the folks at Reddit salted and hashed the passwords, the thief would now be in a very different situation. Instead of holding all the keys to the kingdom, he would face the prospect of a potentially expensive search for each and every user's password he wanted to extract from the database. The expense of the search would likely have dissuaded him from making the attempt in earnest, given how little exploitable value a Reddit account represents. In short, the passwords would have been secure, even though the database had fallen into the thief's hands.

Why, then, didn't Reddit's programmers salt and hash the passwords before storing them in their database? Because, according to the earlier post by spez, they wanted to be able to send forgotten passwords to users via email. It was a design decision: they weighed the risks of having plain-as-day passwords in the database against the convenience of being able to email users their forgotten passwords and decided that, in the balance, convenience carried more weight.
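The salted-and-hashed storage described above, together with a way to handle forgotten passwords without ever being able to email the password itself, as an added example that is not part of the original article or Reddit's code. The function names, the record layout, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def _derive(password: str, salt: bytes) -> bytes:
    # Deliberately slow key derivation: each guess costs an attacker this much work.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> dict:
    """Return the record to store: a random per-user salt and the derived hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify_password(password: str, record: dict) -> bool:
    """Re-derive the hash from the stored salt and compare in constant time."""
    digest = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def issue_reset_token(record: dict) -> str:
    """Forgotten password: email a one-time token and store only its hash."""
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode("utf-8")).hexdigest()
    return token  # goes into the email; the database never holds it


def reset_password(record: dict, token: str, new_password: str) -> bool:
    """Accept a valid token once, then replace the salt and hash."""
    expected = record.get("reset_hash")
    presented = hashlib.sha256(token.encode("utf-8")).hexdigest()
    if expected is None or not hmac.compare_digest(expected, presented):
        return False
    del record["reset_hash"]  # one-time use
    record.update(hash_password(new_password))
    return True


if __name__ == "__main__":
    # Constructed sample: two users with the same password get different records.
    alice, bob = hash_password("hunter2"), hash_password("hunter2")
    print(alice["hash"] != bob["hash"], verify_password("hunter2", alice))
    token = issue_reset_token(alice)
    print(reset_password(alice, token, "a-new-passphrase"))
```

A stolen copy of these records yields only salts and hashes, so each password has to be searched for separately. A real deployment would also give the reset token a short expiry.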



This is just a short excerpt from the article; to access the full article, please click the link below:

http://blog.moertel.com/articles/2006/12/15/never-store-passwords-in-a...



