[thelist] Securing a Web Application

Chris W. Parker cparker at swatgear.com
Fri Oct 21 11:52:00 CDT 2005


Ivo P <mailto:ipletikosic at gmail.com>
    on Thursday, October 20, 2005 2:45 PM said:

> You probably already know this but when it comes to logins there is
> value in not storing passwords themselves. Instead store a hash of
> the password so that if your app were cracked plaintext passwords
> won't be revealed.

Which is important not so much because the attacker will be able to log
into your users' accounts on your website (considering he's already
compromised your data) but because people tend to use the same passwords
on many sites.


Chris.

p.s. Don't delete the entire (original) message when you reply since it
makes it almost impossible for posterity to know the context of your
email.


