The risk to the users of access to plain text passwords is far greater, since many (most) users use the same password for similar types of sites. (I say that hoping people use a different password for online banking while they use another password for gmail, yahoo, <your system>, NYT, etc.)
Next up, support having to ask customers for the password to access the account!

On Apr 21, 7:03 pm, "Simon Macneall" <[email protected]> wrote:
> We've got the same thing where I am at the moment. The old .net app has the
> passwords stored in plain text in the Db. I guess if you get as far as being
> able to log onto the db, then you have already gotten full access to the
> system, but still seems wrong.
>
> Simon
>
> On Wed, 22 Apr 2009 09:25:39 +0800, Matt Jones <[email protected]> wrote:
>
> > He's still doing it better than the dev shop I once cleaned up after -
> > they appeared to think that base64 encoding was a form of
> > encryption...
>
> > Although, it did save me a lot of trouble when migrating users over to
> > the new system.
>
> > --Matt Jones
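
Added example, not part of the original thread or any poster's code: a Ruby sketch of the migration mentioned above, where a base64 "encrypted" password column is decoded without any key and re-stored as a salted PBKDF2 hash. The row layout, the column names, the stored-hash format and the iteration count are assumptions made for illustration.

```ruby
require "base64"
require "openssl"
require "securerandom"

ITERATIONS = 210_000 # assumed work factor for this sketch

# Constructed sample rows: the legacy column holds base64 of the plain text.
LEGACY_ROWS = [
  { login: "alice", encoded_password: Base64.strict_encode64("correct horse") },
  { login: "bob",   encoded_password: Base64.strict_encode64("hunter2") }
].freeze

# Salted PBKDF2-HMAC-SHA256, stored as "scheme$iterations$salt$digest".
def hash_password(password, salt = SecureRandom.random_bytes(16), iterations = ITERATIONS)
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new("SHA256"))
  ["pbkdf2-sha256", iterations, Base64.strict_encode64(salt), Base64.strict_encode64(digest)].join("$")
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute the hash with the stored salt and iteration count, then compare.
def verify_password(password, stored)
  scheme, iterations, salt_b64, _digest = stored.split("$")
  return false unless scheme == "pbkdf2-sha256"
  secure_equal?(hash_password(password, Base64.strict_decode64(salt_b64), iterations.to_i), stored)
rescue ArgumentError, OpenSSL::OpenSSLError
  false # malformed stored value
end

# Decoding needs no key, which is why base64 protects nothing; the decoded
# value is hashed immediately and the legacy column is not carried over.
def migrate(rows)
  rows.map do |row|
    plaintext = Base64.strict_decode64(row[:encoded_password])
    { login: row[:login], password_hash: hash_password(plaintext) }
  end
end

if __FILE__ == $PROGRAM_NAME
  migrate(LEGACY_ROWS).each { |r| puts "#{r[:login]}: #{r[:password_hash]}" }
end
```

After a migration like this, nobody with database access can read a password back out, and identical passwords no longer produce identical stored values.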

