At my old job, my boss refused to hash the user passwords even after I pleaded with him about the security risks....
addvilz: Starting from 2018 in the EU, and for companies handling data of EU folk, this level of stupid will be penalized with a hefty fine of 20 million euros or 4% of annual turnover, whichever is higher, in case of a breach.
I just looked at Maxon's (the creator of Cinema 4D) student website (reg.maxon-campus.net/login/); they don't hash the passwords either!
aceface: Looked through the DB at the last place I was at and some customers thought the first and last name fields were the password fields, so their passwords are stored in plain text next to the hashed pw...
Hacker's delight, since they'll know the password and the hashed version...
Love getting emails containing my password over an insecure dinosaur of a system.
Makes me have confidence in the world.
I had a (recent!) client that was all single-vendor for their dev tools (e.g. Git) with single sign-on. I got my account sent to my email, went to log in, and felt stupid for not finding the "change password" option for the simple one that was obviously a temp password. Ohh, but it wasn't temporary.
They used the same password across almost 100+ developers. You weren't allowed to change it 'in case they needed to access your account' (my jaw hit the floor when the project manager said this).
I asked a friend I had there in IT Sec and he looked up, laughed, and said "told you it was bad". I tried to get them to change it since we had remote access, but convenience won over security :/
I can top this... I was recently redoing a web app for user account access. The SQL database had everything from SSNs to place of birth. The original web app was also vulnerable to super simple SQL injections. I ended up deleting the complete database and starting fresh.
Boss: why did you do that? No one knows how to see this stuff... #facepalm
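The comment above describes a web app that spliced user input into SQL over a table of sensitive fields. As an added example (not the commenter's code; the table, rows and function names are constructed for illustration), here is the vulnerable string-building lookup beside the parameterised replacement, using an in-memory SQLite database. The tell-tale symptom shown is that a perfectly legitimate name containing an apostrophe already breaks the string-built query, which proves the input is being parsed as SQL rather than treated as data.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """Constructed sample table: a couple of customers with a sensitive field.
    Storing only the last four SSN digits is itself a data-minimisation choice."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, ssn_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customer (name, ssn_last4) VALUES (?, ?)",
        [("alice", "1234"), ("O'Brien", "5678")],  # constructed rows
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Row]:
    """The pattern the comment complains about: untrusted input becomes part
    of the SQL text. Any quote character in the input changes the statement."""
    sql = f"SELECT name, ssn_last4 FROM customer WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Row]:
    """Placeholder binding: the value is handed to the driver separately and
    is never interpreted as SQL, whatever characters it contains."""
    sql = "SELECT name, ssn_last4 FROM customer WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def apostrophe_breaks_query(conn: sqlite3.Connection, name: str) -> bool:
    """Detection check for code review or a unit test: True means the
    string-built query failed to parse with this input, i.e. the input
    reached the SQL parser."""
    try:
        lookup_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "O'Brien"))               # [("O'Brien", "5678")]
    print(apostrophe_breaks_query(db, "O'Brien"))   # True
    print(apostrophe_breaks_query(db, "alice"))     # False
```

The same placeholder style (`?` for sqlite3, `%s` for psycopg, named parameters in SQLAlchemy) applies to every driver; the fix is never to escape quotes by hand.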