09-05-2008, 03:37   #16
haku
shiro
 
 
Join Date: Aug 2007
Location: Yokohama, Japan
Posts: 1,676
What happens is people don't necessarily get raw access to your database, but they find an opening in your code somewhere, and they exploit that to do a database dump. They will dump out the contents of whatever table they find that they can get into. If that table happens to be your table with the passwords in it, they now have a list of all your users and all their passwords, which they can use to not only get into your site, but as LarixK said, they often can get into other people's sites as well.

Look through the procedure I outlined above, and spend a bit of time developing something along the same lines. If you don't do so, it's not that fair to your users. If you want to be able to change passwords, then you create another form somewhere that lets you input a password that then updates the database with that password for whatever user it is you are working on.