
Another point:

If someone has read-only access to the database (e.g. a junior developer) they can do absolutely nothing with a hashed password.



Really? Absolutely nothing! Except social engineering would be extremely easy with all that data about a user.



