Matt S Trout wrote:
> On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
> > Zbigniew Lukasiak wrote:
> > > * Your passwords are stored in the 'password' field in your users
> > > table and are not encrypted.
> > This is always a bad idea. If someone ever gets direct database access,
> > they now know each user's mindset as to how they choose passwords
> This is the catalyst list, not the "stating the fucking obvious" list.
If the purpose of SimpleDB is to make things simple for people with less
clue, why offer clear text as an option at all?
Since the best practice is to use hashed passwords, why not be
opinionated about it and not offer anything else?
Surely being opinionated is something we're good at around here ;-)
S.
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/