My point was that you characterized the act of stealing them as waiting for a good exploit to come along and then finding a poorly secured box that you can target. Which says that for most developers, worrying about it is Someone Else's Problem. It also comforts a lot of people that they are OK because they have a firewall in place.
in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!
I think that developers should be far more paranoid than that.
Also while I agree that people have a lot of obvious problems which cause more failures than whether or not to use encryption, that is not a good reason to avoid using encryption. Sure, one step in the chain being done right or wrong doesn't usually make that much of a difference. But if people at each step assume that all of the others are wrong, then you don't really have much of a chain at all. Start getting things right where you can control them (your piece) and work from there. SSL doesn't solve your basic problems, but it is an easy thing to do that does solve some that come up.