[conspire] Password storage (was: Conspire Hey!)
Nick Moffitt
nick at zork.net
Fri Nov 16 01:55:01 PST 2012
Rick Moen:
> 2. (worse) Yahoo was storing sensitive passwords in _plaintext_.
>
> You never, never, ever do that. That's a chump error. (If you are
> able to get security-sensitive passwords[1] looked up and mailed to
> you, for example, then somebody is making a chump error with your
> data.)

This! A thousand times, this!

I've taken to signing up for web accounts (which I do super rarely) with
passwords that contain all of the usual input sanitization baddies: `;'\
just for a start. If the site says that I must not use those
characters, I jump to a particular conclusion: they are doing input
sanitization on my password because they want to store and manipulate it
in cleartext. They probably weed out the ; and ' because they want to
pass my actual password straight to an SQL INSERT statement or
something, and don't want me to inject my own SQL.

I have no problem with input sanitizing actual clear-text fields. There
are ways to do it that don't become apparent to the user, but I won't
balk *too* strongly if they forbid me an apostrophe in my e-mail
address. But the *password*? They should be storing a normalized hash,
as Rick explained.
--
Though the great song return no more
There's keen delight in what we have:
The rattle of pebbles on the shore
Under the receding wave. -- W. B. Yeats
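
Added example, not part of the original post: a Python sketch of the contrast the message describes, where a string-built INSERT chokes on the characters `;'\ while a salted hash stored through bound parameters accepts any password. The table names, function names, sample password and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample password containing the characters quoted in the post.
SAMPLE_PASSWORD = "pa`;'\\ss"
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE plain (name TEXT, password TEXT)")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db


def naive_insert_breaks(db, name, password):
    # The pattern the post suspects: cleartext pasted into the SQL text.
    try:
        db.execute(f"INSERT INTO plain VALUES ('{name}', '{password}')")
    except sqlite3.Error:
        return True  # the quote in the password ended the string literal early
    return False


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db, name, password):
    # The password is only ever input to the KDF, so no character is forbidden.
    salt = os.urandom(16)
    # Bound parameters: the values never become part of the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(password, salt)))


def verify(db, name, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(derive(password, salt), stored)
```

Only the salt and a fixed-length digest reach the database, so nothing stored can be looked up and mailed back to the user.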