CodingForums.com - View Single Post

TFlan · 01-29-2013, 04:01 PM

Secure passwords are not the end-all-be-all. You also need a secure database.

People/Businesses that get hacked are hacked because of other security weaknesses. Such as SQL injection, XSS, CSRF, session hijacking, whatever.

These weaknesses give hackers the open doorway into your database where they can download your users table and then run the cracking script on your hashes.

To secure your passwords, secure your database. Plug those holes. You're approaching the problem as if someone already has access to your database

01-29-2013, 04:01 PM	PM User \| #6
TFlan New Coder Join Date: Dec 2012 Location: USA Posts: 82 Thanks: 3 Thanked 17 Times in 17 Posts	Secure passwords are not the end-all-be-all. You also need a secure database. People/Businesses that get hacked are hacked because of other security weaknesses. Such as SQL injection, XSS, CSRF, session hijacking, whatever. These weaknesses give hackers the open doorway into your database where they can download your users table and then run the cracking script on your hashes. To secure your passwords, secure your database. Plug those holes. You're approaching the problem as if someone already has access to your database