Comments
-
If you entered the name of your lover as a password, you sure would feel uncomfortable.
-
rove24018y @BlackMagic You are wrong, they can take the password from the input and verify it in real time
-
afflict10208y @wubstepper most users are so trusting with their credentials, they shove it into everything including their neighbour's mailbox. We love our beloved users, guys like these just make them victims... which also angers me. Cause once you have their credentials from this site, very few users use multiple passwords for various sites.
-
rove24018y @wubstepper
1. I think that quite nobody will care if you encrypt everything...
2. Encrypting everything makes code maintenance very hard
-
lerk488y @altermind that's not the point. The important part is how many care when you *don't* encrypt everything.
-
satoshi1558y It would be great if it printed out the username of the other user who has the same password.
-
bweston1618y @wubstepper how are you indexing posts for site searches etc? (Obviously it would take too long to decrypt all posts and search every time someone searches)
-
bweston1618y Also nothing states that this information is not hashed uniquely to a user, the user aggregate could have its own copy and a separate context could just have the stuff piped through in order to fulfill this feature. Yes it is a shitty feature but the implementation doesn't have to be insecure. Especially if it is in a different database like users in MySQL and this feature in Redis or something.
-
@all Guys, I found it on Twitter, took a screenshot and posted it here. Let me try to find the original tweet and share the link here.
PS: As there are a lot of people asking for the website, I tried @all. I'm sure it will not work but fuck we devs try anyway.
-
bweston1618y @wubstepper so you store the post keywords unencrypted in a map table pointing to a URL?
-
codelis10518y @wubstepper They could just hash your input and compare the hashes, so this doesn't mean that they store unencrypted passwords
-
puneet6608y If it was written "you can't use your old password" then it was understandable but no one displays warnings like this, I guess you are the one doing this locally by creating a fake sample page 😌
-
@puneet, as I mentioned I found it on Twitter and shared it here. You can see the link for the original tweet in one of my comments
-
JaggerJo9408y @bjorngi @blackmagic
At least it means they don't salt or pepper their hashes... Hashing is not enough..
-
@wubstepper Why does it matter? I think it depends on what the password gives access to. Imagine, you wouldn't lock in a standard 1 cent coin without any market or sentimental value in a large EX classed vault. Because that would be overkill^3.
Same with sites having bad security. If the password is for, let's say, saving some sorting preferences on a site, who cares about if the passwords leak?
But it's another thing if it were a web shop with saved orders, sensitive info like CC numbers and so on.
-
Djeisen1538y @sebastian Every password on every site needs to be secured at the minimum level (hash and salt) because users are not smart enough or industrious enough to create new passwords for every site. At that point, the password you are storing is more valuable than your content.
-
It's a little unnerving that half the people in this thread, based on their comments, have no clue how security works.
-
JaggerJo9408y @edisonn
Even if they do it right on their backend, exposing a message like that is definitely a security issue ...
-
sylar23848y I'll prank some users with that soon but only with js, no actual password queries shyt
-
apeixinho08y I smell a business requirement, that really needed to get pushed, and somebody just didn't say ... "WTF that's dangerously stupid"
-
Strosser258y I don't think this is a bad thing, apart from the fact that passwords aren't being salted. Using a password that's in common use is a huge security risk for the user, and forcing a unique password goes a long way toward improving security. Easy-to-guess passwords get knocked out of the pool early.
-
This is some next level stupidity. Not to mention a complete lack of privacy/security. Smh.
-
Just realised this could be a great idea to stop common password usage.
The someone else could literally be the list of most common passwords dumped online that attackers use, to try to stop people using them
-
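Added example, not part of any commenter's post: a Python sketch of the two storage schemes the thread argues about (unsalted hash comparison versus per-user "hash and salt") and of the common-password blocklist idea raised just above. The blocklist contents, the 8-character minimum, the PBKDF2 work factor and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a public list of commonly used passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def unsalted_digest(password: str) -> str:
    """Weak storage: the same password yields the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_in_use_unsalted(password: str, stored_digests: set) -> bool:
    """With unsalted digests, 'someone else uses this password' is one lookup."""
    return unsalted_digest(password) in stored_digests


def salted_record(password: str) -> tuple:
    """Per-user random salt plus a slow KDF: equal passwords store differently."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password: str, record: tuple) -> bool:
    """Recompute with the user's own salt and compare in constant time."""
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)


def acceptable_new_password(password: str) -> bool:
    """Reject short or common passwords without consulting other users' data."""
    return len(password) >= 8 and password.lower() not in COMMON_PASSWORDS


if __name__ == "__main__":
    alice = salted_record("correct horse battery")
    bob = salted_record("correct horse battery")
    print("same stored key:", alice[1] == bob[1])
    print("alice verifies:", verify("correct horse battery", alice))
    print("'Password' accepted:", acceptable_new_password("Password"))
```

With salted records the site cannot answer "is this password already in use" by a lookup, so the blocklist check is what delivers the common-password benefit without revealing anything about other accounts.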
That's not a Security threat, that information is useless. Even I can say someone in this world has a given Password. It might be useful if someone keeps a weird Password like you and you have found your "Soulmate"
Creepy..... WTF