Hacker News new | past | comments | ask | show | jobs | submit login

Direct DB access isn't typically world-accessible either. It's not like I can do an XML request to get my hashed password on any site.

The point is, if someone has gotten enough access that they can actually get a raw copy of the database, it's just as likely they can get a raw copy of the config files, or /etc/shadow, or whatever else is on the host system.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: