
> It obviously won't help if your database is compromised

Good news, everyone: it will!




No, it won't. They can just write a new password + salt in the db and get in as that user.

-----


Well, we need to define the attack if we're going to talk about what will and won't help. Generally when we talk password security, we assume the attack is to discover a large number of users' passwords, not to spoof as one. Additionally, it's more common to get read-only access to the data than it is to be able to execute arbitrary queries against the DB.

-----


But maybe that's not what you want to achieve?

-----



