by glvn
2621 days ago
I can sort of see why and it's for the same reason databases are left wide open. You start a project. You set up a DB with minimal security because you're just starting the project, and you figure that down the road before you release to the public, you will secure that DB. A few weeks/months pass and you are ready to release your app into the wild. But by that time you are focused on other things and that unsecured DB is forgotten because it has "just worked" since that initial setup. You release and sometime later something like this happens because that DB never got the attention to security it needed because it "just worked" and was forgotten. Don't get me wrong, this is still very bad. But I can see how an unsecured server/plaintext passwords happen. It's not by design but rather a shortcut you took way back when that you have since completely forgotten about.
* identify a hashing library
* install/import it
* call it (when storing the password and when comparing)
It’s a matter of minutes really.