Timeline for Is my developer's home-brew password security right or wrong, and why?
Current License: CC BY-SA 3.0
12 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Nov 9, 2018 at 19:21 | review | Suggested edits | | | |
| Nov 9, 2018 at 19:40 | | | | | |
| Dec 12, 2017 at 6:51 | comment | added | forest | | @MarkBuffalo Of course I have access to the code. It's PHP, and he's trying to protect his database There are many situations where SQLi may allow for dumping the database without obtaining the PHP files. Of course, that also means that Dave should just be using a pepper, since it accomplishes the same threat model but isn't so... broken. |
| Nov 24, 2015 at 15:21 | comment | added | Mark Buffalo | | Let us continue this discussion in chat. |
| Nov 24, 2015 at 11:56 | comment | added | Mark Buffalo | | @monster Of course I have access to the code. It's PHP, and he's trying to protect his database, which I've already stolen. The point of hashing passwords is to protect your users once you've been breached. If I can get a hold of your database, getting a hold of the rest of the important files on the web server is a trivial task. |
| Nov 24, 2015 at 9:51 | comment | added | monster | | And what if you don't have access to the code as you presume? |
| Nov 24, 2015 at 2:25 | history | edited | Mark Buffalo | CC BY-SA 3.0 | added 24 characters in body |
| Nov 24, 2015 at 2:15 | history | edited | Mark Buffalo | CC BY-SA 3.0 | added 86 characters in body |
| Nov 24, 2015 at 2:05 | history | edited | Mark Buffalo | CC BY-SA 3.0 | new stuff |
| Nov 24, 2015 at 0:41 | history | edited | Mark Buffalo | CC BY-SA 3.0 | more info |
| Nov 24, 2015 at 0:24 | history | edited | Mark Buffalo | CC BY-SA 3.0 | forgot something |
| Nov 16, 2015 at 20:44 | history | edited | Mark Buffalo | CC BY-SA 3.0 | added 8 characters in body |
| Nov 16, 2015 at 20:38 | history | answered | Mark Buffalo | CC BY-SA 3.0 | |