388
olback
3y

When a website uses https but stores passwords in plain text...

Comments
  • 6
    I never understood this, this is one of the few sickest joke that I heard about database security, at least hash them into SHA1 you fucking retard
  • 1
    @legionfrontier if you even bother trying, go with bcrypt from the start.
  • 1
    @olback I know but if we are talking about someone that literally stores the passwords in plain text, you expect them to put even the extra effort to get their shit together and use Bcrypt (assuming they are even coding anything after v5.6)
  • 2
    @legionfrontier if you're Hemmakväll, a candy store in Sweden, they store passwords in plain text...
  • 4
    @olback Legion Front Recommendation of the day:
  • 1
    The website of a local movie theater allows you to create accounts without email verification, if the password has more than about 8-10 symbols it gets truncated internally which means you can't login, and the page for resetting the password contains links to some information about the server.

    I'm not sure if they store passwords in plaintext, but everything else would surprise me.
  • 1
    @olback No fucking way.... Vafan är det för någon jävla skit jag hör
  • 1
    @RAZERZ used to* they got hacked btw
  • 0
    Ah, so that's what the picture looks like in Portrait view, and not 4/3 view on the web..
  • 9
    This "rant" doesn't make sense at all.
    Sure it is unsafe and fucking stupid to store passwords in plaintext, but this has nothing at all to do with TLS/HTTPS...

    If somebody thinks that both have something to do with eachother, then that person should seriously check his code. Sending a password form the server to browsers is extremely stupid and should lead to immediate termination of its developer.

    HTTPS or not. Hash AND salt passwords, only check passwords ON the server.
  • 3
    @PonySlaystation
    Salt and Hash

    Yes, I am fun at parties 😇
  • 1
    @olback AJAHHAHAHAHAHAHA rätt åt jävlarna
  • 3
    @PonySlaystation You shouldn't check passwords on the server. Because if the server has the password, then something is wrong. You meant the hashes of the passwords.

    You know I had to correct you after you did it with the OP. 😋
  • 2
  • 3
    Was teaching a friend how to code and on his own he made a "Hashing" Algo and basically what it does is jumble the password. He still can't figure out how to make it unscramble. That's how you're supposed to store passwords.
  • 0
    It's one of many possible vulnerabilities. It's not like a door, it's like a house with many windows and doors.
Add Comment