Comments
-
Oh boy, that's a lot to unpack!
- Did management decide this?
- Did the backend guys not revolt?
- Are there laws against this?
- Is it a public system?
- Is the admin panel running behind a firewall?
- Is the admin panel well protected?
- Could you anonymously report the company to plaintextoffenders?
- How hackable is the system?
- Are you going to object?
Just curious :D
-
@alexbrooklyn
1- Yes, management did.
2- One did, but their opinion was ignored.
3- In Egypt, I don't think so.
4- Nope, private system for schools.
5- Nope no firewall, just regular ass JWT Authentication.
6- Admin panel can be unlocked if you get your hands on an authorization token.
7- I will, when I get out for sure.
8- Regarding other security practices, they actually are trying their best.
9- I was told to just accept and do what I was told because I am too young to understand business needs.
-
@asgs EXACTLY
If 70%> of the world tells you not to do it, then the business should just go fuck itself (simpler said than done of course...)
-
I'd refuse. Damn, I'd rather lose my job but I would not put others' sensitive info in jeopardy. And if they do fire me - I'd blow the whistle for sure.
-
h4xx3r16965y @ahmedHusseinF business needs my ass, I would have argued that you can ask any security professional what's more appropriate and be sure that plain text passwords are not.
-
That's nothing. I had to download bank account details in plain text to my laptop in order to do any development.
Related Rants
Short sad story:
The backend team in my company stores plain text passwords, and I am making a view in the website to view all the users' passwords in the system.
rant
fail
security 101
passwords