Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

juanbro (3508)

juanbro
  (email not shown publicly)

Journal of juanbro (3508)

Monday June 05, 2006
10:14 PM

Plain text passwords

[ #29817 ]

It's been a while since I've worked on any kind of system where passwords were stored as clear text. I guess I've just come to expect that they are to be stored as encrypted stings. So I was pretty surprised when I learned that a company I was doing business with, a major hosting/communications company, stores all of its customer and reseller passwords as plain text. Every tech support, customer service or sales rep can view any accounts password, without the knowledge or authorization of anyone. This password allows for root access to all servers associated with the account.

I asked some company reps about it, and the answers didn't make me feel any better. 'We need to see the passwords for verification purposes' and 'We pride ourselves on our integrity' and yes, even 'we haven't had a problem before'. I made most of the arguments you might expect, but it was clear I was getting nowhere. After all, they are a huge company and that's the way they do things, end of story.

I can't help but wonder how long it will be before a disgruntled employee leaves the company along with a few hundred account passwords. Sure they 'haven't had a problem before', but I figure that just means they are overdue. I think I felt better before I knew this.

p.s.
HOLY SH*T!! It's been four years since I wrote in this thing!!

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.