
I've never been a fan of the idea that programming be treated like other professional work, like architects or some such, where people are held liable for accidents resulting from their work, but at the same time, I'd be very much down for some public shaming of people that implemented unsalted, or even salted, MD5 hashing for password storage.

You should know better or you should know well enough to stay away from security. It's like the people stumbling into a mailing list and asking "How should I write my own password hashing function" alongside more-or-less, "How do I do string comparisons in this language". I let out a whimper as I read that post.




Not only that, it's pretty pathetic to be susceptible to an injection attack anyway.

Though, I suppose it would be easy to find a hacking target based on which services email you your password in plain text if you forget it.


You'd even be hard-pressed to find a well-upvoted and accepted answer on Stack Overflow that suggested doing this type of implementation.



