undefined | Better HN

0 pointsZoFreX13y ago0 comments

> It obviously won't help if your database is compromised

Good news, everyone: it will!

0 comments

3 comments · 1 top-level

batista13y ago· 2 in thread

No, it won't. They can just write a new password + salt in the db and get in as that user.

ZoFreXOP13y ago

Well, we need to define the attack if we're going to talk about what will and won't help. Generally when we talk password security, we assume the attack is to discover a large number of users' passwords, not to spoof as one. Additionally, it's more common to get read-only access to the data than it is to be able to execute arbitrary queries against the DB.

shakesbeard13y ago

But maybe that's not want you want to achieve?

j / k navigate · click thread line to collapse