[Catalyst] ANNOUNCE: SimpleDB - Auth configuration made easy

Simon Wilcox simonw at digitalcraftsmen.net
Tue Oct 28 12:20:44 GMT 2008


Matt S Trout wrote:
> On Mon, Oct 27, 2008 at 03:51:49PM -0700, Darren Duncan wrote:
>> Zbigniew Lukasiak wrote:
>>>    * Your passwords are stored in the 'password' field in your users
>>> table and are not encrypted.
>> This is always a bad idea.  If someone ever gets direct database access, 
>> they now know each user's mindset as to how they choose passwords
> 
> This is the catalyst list, not the "stating the fucking obvious" list.

If the purpose of SimpleDB is to make things simple for people with less
clue, why offer clear text as an option at all?

Since the best practice is to use hashed passwords, why not be
opinionated about it and not offer anything else?

Surely being opinionated is something we're good at around here ;-)

S.


