|
|
|
|
|
|
by fatjonny
4830 days ago
|
|
|
I think there are some cases when storing passwords in clear text is valid. One example: A website has educational content. Teachers can sign up students in their classrooms. The teacher's password is stored securely, the student's password is not. The student password is shorter and automatically generated. The goal is to make the password just hard enough to not be guessed by other students, but not so hard that the student can't remember it. It is stored in clear text so that the teacher can look it up for the student, or print out the password to pass out to the student, etc. The student account is only given access to the content. The worst thing that happens if a student's password is guessed is that another student can mess up their progress tracking. Is there a reason the student passwords should be encrypted in the database? |
|
|