Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Elyz78096yI don't understand how this shit happens. Anyone who attended any kind of schooling for anything IT or programming related should know better than to do crap like that. Is it just a case of "it takes too long, do it the fast and easy way and just store it plain" from a manager? Even then.. 🤔
-
@netikras bro can't share link here
Many expert's peoples are on thse platform who can easily exploit website. -
C0D4681386y@import-fun $700 for an ecom website 😂
what could possibly be actually right about that?
@PonySlaystation and I would like to do some err research 😏 -
@C0D4 bro i am talking about lowest price of product on that site is 700USD and highest price of product is 24000USD.
-
C0D4681386y@import-fun oh I read that wrong then .
Still if there’s plain text passwords, I would hate to think what else is actually wrong with it. -
@C0D4
without SSL + plain text password
premium products
high profile clients information
company paid $8500 before 3 years -
C0D4681386y@import-fun 😯that’s a recipe for disaster waiting to happen - ok don’t name shame, or they may get an email tonight with their DB attached 😨
You cant add let’s encrypt/
Certbot just to get you out of the woods of the SSL issues?
plus passwords... just throw a hash/salt algo in place and wipe every password out, hell generate a hash/salt with their current passwords so even users don’t notice the major change.
I’m actually frightened of signing up to any site now just based on this rant. -
@Elyz well one scenario could be a intern is asked to create a poc.
The intern decides that a password in plain text would suffice for the time being.
A manager only sees the front-end and is very impressed by it. He wants it put in production asap.
Intern not having a clue about the password anymore just does his work and leaves the company.
End result: an web application which has passwords in plain text -
Synti10036y@C0D4 Let's call it first aid 🤣
I wonder... How many possible SQL injection attack vectors there would be if the starting point for security is plain text passwords.
"What is a second hand SQL injection?"
"Lol why use utf8mb4.. "
"Well the difference between our SQL servers encoding and the backend encoding is not a big deal!"
Related Rants
A ecom website which sales premium gold product from 50k to 170k INR.
database : mysql
all passwords and user ID's are saved in plain text.
rant
wk133