Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^3: Status of Recent User Information Leak

by Anonymous Monk
on Aug 04, 2009 at 08:52 UTC ( #785692=note: print w/ replies, xml ) Need Help??


in reply to Re^2: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

Instead of criticizing the admins and debating whether they have neglected a security aspect we should be glad that they could bear the hassle of running this free site and all the bedeviling shots that come along, without PM all of us would be punching in the dark sometime somewhere to get a certain code working

There is no question that the site bears some useful purpose. But such a fundamental mistake as to directly expose plain-text passwords absolutely deserves strong criticism.

Only a few months ago I stood my ground (through a protracted potentially career-limiting argument) with a project manager about salting passwords used for a website I was involved with the creation of. He didn't get it because he wasn't technical. The Admins of this site, however, should have "got it".

I can no longer post to this site using my original user name as my e-mail address has been published and could well be used to infer projects I am involved with. However that's inconvenient, not unforgivable, as hacks happen. Having to change other sites' passwords as a result of plain text leaks, however, is intolerable.


Comment on Re^3: Status of Recent User Information Leak
Re^4: Status of Recent User Information Leak
by Anonymous Monk on Aug 05, 2009 at 01:40 UTC
    directly expose plain-text passwords

    What do you mean by directly expose?

Re^4: Status of Recent User Information Leak
by Your Mother (Canon) on Aug 05, 2009 at 05:08 UTC

    I've said before that I agree it was a bush-league mistake and it would be nice to see the site practice what we all preach but I'm getting sick of critiques like yours because they're all fundamentally flawed. As every sign-in on this site is under http and not https your password is sent as clear text regardless of how it happens to be stored on the site. It's inherently insecure.

    (update: noticed parv, and others, brought this up already.)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://785692]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (10)
As of 2014-07-24 11:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (160 votes), past polls