by rwmj 5188 days ago
Passwords were not hashed in the database, because it made no sense for me (as the site administrator) to do that. As the site admin it's entirely beneficial for me (not for you) to see your password.

Of course if you're the sort of user who uses the same password on every site, then it benefits you a little bit if the site hashes the password. The site admin or an attacker can still easily steal your password when you log in, so the benefit is small. But by doing this you're trusting every site, which is stupid.

Users should use a completely different, randomly generated password for every site; then whether or not the site hashes the password doesn't matter.