By bloid
via blog.moertel.com
Published: Dec 16 2006 / 06:22

Recently, the folks behind Reddit.com confessed that a backup copy of their database had been stolen. Later, one of the Reddit developers confirmed that the database contained password information and that the information was stored as plain text. Had they salted and hashed the passwords, the thief would now be in a very different situation.

Comments

Binny V A replied ago:

0 votes

If you hash the password (MD5/SHA1), retrieval is impossible. So 'Forgot Password' will not work. Yes, you can reset the password - but that tends to irritate the users.

If you are maintaining a critical website - where unauthenticated access can create real problems, there is no excuse for not hashing the password. But in the case of reddit, that is not so important.

The lesson to be learned here is not to use the same password on all sites.

jgarifuna replied ago:

0 votes

Freaking idiots. One would think they know better by now.
