26
iamroot
2y

When your client wants you to store passwords in plain text and it makes your life easier but it still feels really wrong

Comments
  • 6
    Please don't :'(
  • 4
    Is one even allowed to do that?
  • 8
    Cash the cheque and report them to the GDPR regulator anonymously
  • 2
    @620hun US-only company :(
  • 2
    I'd downright refuse unless it was bcrypt or sha256
  • 2
    That's when you dump the client.
  • 3
    Refuse.
  • 4
    Never. Even less so if they ask for it. This literally has no ethical and sustainable use cases.
  • 6
    “Sorry, but no. I won't contribute to you getting hacked.”

    You know what happens when your client gets hacked? It's all your fault. Sure, he told you to store the passwords in cleartext, but you should have made it so he didn't get hacked in the first place. Nothing you say will make him change his mind, the blame falls entirely on you and he'll make sure that all his customers know that you screwed him by not storing cleartext passwords securely.

    Even if your client turned out to be an understanding person, better prepare for the above scenario. 😉
  • 0
    What? Hope the client doesn't have real customers