Less, let's say, humorously: I note the recent attempt by
Bod to discuss the elephant in the room (the password problem), at
Priorities perhaps?.
Having just re-read it, I see what I believe is a way to cut the Gordian knot. It could feel like a large, atomic change is needed to both encrypt the passwords, and put in place the workflow needed to do password resets that would be needed because the plaintext isn't available anymore.
But what about making a workflow for password resets now, even though the passwords are still plaintext in the database? It would both set the conditions for then encrypting the passwords as a second, independent step, and already increase security a bit by not having plaintext passwords be emailed around, and sit in people's mailboxes for ze baddies to snarf up.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.