Warning: This has technical jargon in it. I would suggesst something like wikipedia to help decipher it.
Boss: I need to change the MD5 password hashes that you wrote the other day back to the shorter version that I had.
Me: Umm. Why?
Boss: The MD5 hashes are too long to display in the password field.
Me: <blink><blink>Why are you sending the hashes back to the UI?
Boss: I need to know if there is a password set.
Me: <blink><blink>Why are you sending the hashes back to the UI? Can you not set a hidden input that is a boolean?
Boss: Well, really I'm not sending the hash. I'm just sending asterisks the length of the hash.
Me: <blink>So you want to change the hashing algorithm to something less secure so that you can have fewer asterisks? Can you not just send a specific number of asterisks?
Boss: *sigh* I guess. But I've already written the UI.
It's easy to not think about security, I suppose.
No comments:
Post a Comment