
chromatic (983)


Journal of chromatic (983)

Thursday July 30, 2009
10:07 PM

Overwrought Security Non Sequitur

[ #39381 ]

I’m baffled at what the PerlMonks developers and admins were thinking storing their passwords in plain-text.... This is something that not only has been in Perl since version 1.0, but has also been integrated natively in almost every database environment on the planet.

I’m ashamed as a Perl developer, and this gives a huge black eye to the entire Perl community.

After this, I’m seriously considering switching to another language for my next project.

Jesse Stay, There’s More Than One Way to Store a Password - PerlMonks Hacked

Storing passwords in plain text is wrong, full stop, but if I'd had a server rooted, I'd worry about more than just bad guys reading database dumps. A little phishing code would be easy to insert into a lot of web sites.

Then again, I also worry about DNS hijacking.

If I had a gripping hand, I'd tell you that I once saw a neighbor store a spare house key under the mailbox, and that's why I'm seriously considering switching to a condo for my next dwelling. Guy gave all homeowners everywhere a black eye, even though pockets have been in clothing since almost Textiles version 1.0, not to mention integrated natively in almost every pair of jeans on the planet.

  • "After this, I’m seriously considering switching to another language for my next project."

    Huh. I guess that is like seeing someone fall down a flight of stairs, and deciding to avoid stairs from then on.

  • Hmm, going to switch from perl, eh?  Perhaps going to a language that does not have a built-in crypt function will give you better security.