by LordKano 3781 days ago
Back in 2009-2010, I did work as a web developer on an ecommerce site. A month or so in, I discovered that they kept all of the user passwords unencrypted in a database.

I went to my boss and explained that we can't do that. It's inviting exploitation. He responded to me that we had to keep them in plain text in the database so that we could send them to users who forgot. If they can't log in, they won't order product.

I have heard similar stories from other IT professionals. It's amazing that these operations aren't getting pwn3d twice a week.

1 comments

Unhashed passwords don't get you pwned. They only become a problem after you've been pwned.
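The boss's argument in the first comment is that plaintext storage is needed so a forgotten password can be sent back to the user; the reply points out that hashing matters precisely once the database has leaked. Both points are addressed by the usual alternative: store only a salted, slow hash, and handle "forgot password" with a short-lived, single-use reset token instead of ever returning the password. The following is an added illustration written for this page, not code from LordKano's employer or from any project mentioned here; the `UserStore` class, the in-memory dictionaries standing in for the users table, and the PBKDF2 work factor are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed work factor for this example; raise it for production hardware.
PBKDF2_ITERATIONS = 200_000
# Fixed dummy salt so a lookup for a non-existent user costs the same time.
DUMMY_SALT = b"\x00" * 16


class UserStore:
    """In-memory stand-in (constructed for this example) for a users table.

    Nothing here ever holds a recoverable password: the table keeps a
    per-user random salt and a PBKDF2 hash, and password recovery goes
    through a hashed, expiring, single-use reset token.
    """

    def __init__(self, now=time.time):
        self._users = {}    # username -> {"salt": bytes, "hash": bytes}
        self._resets = {}   # username -> {"token_hash": bytes, "expires": float}
        self._now = now     # injectable clock so expiry can be tested

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def set_password(self, username: str, password: str) -> None:
        # Fresh salt on every change, so identical passwords never share a hash.
        salt = secrets.token_bytes(16)
        self._users[username] = {"salt": salt, "hash": self._derive(password, salt)}

    def create_user(self, username: str, password: str) -> None:
        self.set_password(username, password)

    def verify_login(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            # Do the same amount of work so timing does not reveal valid usernames.
            self._derive(password, DUMMY_SALT)
            return False
        return hmac.compare_digest(rec["hash"], self._derive(password, rec["salt"]))

    def start_reset(self, username: str, ttl_seconds: int = 900):
        """Issue a one-time reset token to send out of band (e.g. by e-mail).

        Only the token's hash is stored, so a leaked database does not hand
        out usable reset links either. Returns None for unknown users.
        """
        if username not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        self._resets[username] = {
            "token_hash": hashlib.sha256(token.encode()).digest(),
            "expires": self._now() + ttl_seconds,
        }
        return token

    def finish_reset(self, username: str, token: str, new_password: str) -> bool:
        pending = self._resets.get(username)
        if pending is None:
            return False
        if self._now() > pending["expires"]:
            del self._resets[username]          # expired: discard it
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(pending["token_hash"], presented):
            return False
        del self._resets[username]              # single use
        self.set_password(username, new_password)
        return True

    def stored_record(self, username: str):
        """What an attacker would see in a dump of this user's row."""
        return self._users.get(username)


if __name__ == "__main__":
    store = UserStore()
    store.create_user("alice", "correct horse battery staple")
    print("row in the table:", store.stored_record("alice"))
    token = store.start_reset("alice")
    print("reset token sent to alice (never stored in clear):", token)
    print("reset accepted:", store.finish_reset("alice", token, "new passphrase"))
    print("login with new passphrase:", store.verify_login("alice", "new passphrase"))
```

Under this design the user who forgot their password still gets back in, which was the business requirement, while a copy of the table yields neither passwords nor live reset links. The reset token is compared with `hmac.compare_digest` and stored only as a SHA-256 digest because, unlike a user-chosen password, it is already high-entropy and does not need a slow hash.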