Comments
-
@olback I know but if we are talking about someone that literally stores the passwords in plain text, you expect them to put even the extra effort to get their shit together and use Bcrypt (assuming they are even coding anything after v5.6)
-
olback 10794 7y: @legionfrontier if you're Hemmakväll, a candy store in Sweden, they store passwords in plain text...
-
The website of a local movie theater allows you to create accounts without email verification, if the password has more than about 8-10 symbols it gets truncated internally which means you can't login, and the page for resetting the password contains links to some information about the server.
I'm not sure if they store passwords in plaintext, but everything else would surprise me.
-
This "rant" doesn't make sense at all.
Sure it is unsafe and fucking stupid to store passwords in plaintext, but this has nothing at all to do with TLS/HTTPS...
If somebody thinks that both have something to do with each other, then that person should seriously check his code. Sending a password from the server to browsers is extremely stupid and should lead to immediate termination of its developer.
HTTPS or not. Hash AND salt passwords, only check passwords ON the server.
-
@PonySlaystation You shouldn't check passwords on the server. Because if the server has the password, then something is wrong. You meant the hashes of the passwords.
You know I had to correct you after you did it with the OP. 😋
-
iamroot 4121 7y: Was teaching a friend how to code and on his own he made a "Hashing" Algo and basically what it does is jumble the password. He still can't figure out how to make it unscramble. That's how you're supposed to store passwords.
-
It's one of many possible vulnerabilities. It's not like a door, it's like a house with many windows and doors.
When a website uses https but stores passwords in plain text...
rant
security
https
plaintext passwords
locker
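
Added example, not part of the thread or of any commenter's post: the salted, server-side hash check the comments call for, together with the silent-truncation failure described for the movie-theater site. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the Bcrypt mentioned in the thread; the iteration count, length limit, record format and function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
MAX_LEN = 128         # assumed upper bound; longer input is rejected, never cut


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the password itself is never stored."""
    if not 0 < len(password) <= MAX_LEN:
        raise ValueError("password length out of range")
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Server-side check: recompute with the stored salt, compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def register_with_truncation(password: str, limit: int = 8) -> str:
    """The failure from the movie-theater comment: input silently cut before hashing."""
    return hash_password(password[:limit])


if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password
    first, second = hash_password(pw), hash_password(pw)
    print("same password, different records:", first != second)
    print("correct password verifies:", verify_password(pw, first))
    print("wrong password verifies:", verify_password("wrong guess", first))
    broken = register_with_truncation(pw)
    print("full password after truncated signup:", verify_password(pw, broken))
    print("first 8 characters only:", verify_password(pw[:8], broken))
```

Rejecting over-long input with an error, as `hash_password` does, keeps registration and login consistent; truncating on one path only is what locks the user out.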