undefined | Better HN

0 pointscocoa191y ago0 comments

Yes, it’s an advantage if you plan to store plain text, but storing plain text is bad to begin with.

There is no advantage if you use proper security practices like storing a hash and salt.

0 comments

I mean this sounds like a "you'll never have a bug if you just program well" argument.

Whoever created the login system probably is a different person than who added the logging system. Perhaps the logging system should've discarded login attempts or masked the credentials but there's probably a dozen ways to login and they'd need to know all of them and possible futurely added ones.

It seems a bit more practical to have the system send a safer version of a parameter to the server instead.

j / k navigate · click thread line to collapse

0 pointscocoa191y ago0 comments

Yes, it’s an advantage if you plan to store plain text, but storing plain text is bad to begin with.

There is no advantage if you use proper security practices like storing a hash and salt.

0 comments

lesuorac1y ago

I mean this sounds like a "you'll never have a bug if you just program well" argument.

It seems a bit more practical to have the system send a safer version of a parameter to the server instead.

j / k navigate · click thread line to collapse