Re: [PHP] Re: why are passwords stored encrypted in databases even when the data they protect is stored in the same database?
- Date: Sat, 14 Jun 2008 08:07:32 +0300
- From: "Usamah M. Ali" <usamah1228@xxxxxxxxx>
- Subject: Re: [PHP] Re: why are passwords stored encrypted in databases even when the data they protect is stored in the same database?
Taking into mind that email addresses extracted out of hacked
databases are one of the main spam industry seeders, I always wonder
why web application developers don't consider encrypting emails the
same way they consider encrypting passwords! Once a hacker has full
access to a database, an encrypted password becomes like locking the
door while keeping the window open!
Say a user has an account in some discussion forum, that uses an open
source, or visible-source software. She has about 5000 posts in which
she has expressed her personal opinions on just about many things. Now
what a hacker has to do is to dump the database into a local server
running the same software, and begin analyzing the data, creating
well-crafted lists of "potential customers" for which he's going to
deliver very well-targeted mailing newsletters!
Regards,
Usamah
--
PHP General Mailing List (http://www.php.net/)