This is GemsFamily's Typepad Profile.
Join Typepad and start following GemsFamily's activity
Join Now!
Already a member? Sign In
GemsFamily
Recent Activity
This is yet another example of why passwords should never be stored in a sites database (in clear text or encrypted). The only correct way to store passwords is a salted hash. I knew this two years ago when I created www.my-msi.net. Even if a hacker were able to get a list of emails and 'passwords' the 'passwords' would be useless since more than one password can hash to the same value, there is no way (on earth or heaven) to go from a hash to clear text! Nore do we store credit card info in the database. We let Amazon handle all credit transaction and only the cookie that Amazon returns is stored in the database. I dare anyone to try SQL Injection on the site. It is written in ASP.Net and those controls neuter SQL!
Toggle Commented Dec 15, 2010 on The Dirty Truth About Web Passwords at Coding Horror
GemsFamily is now following The Typepad Team
Dec 15, 2010