02. Problems with Plain Text

ND004 C03 L03 A02 Problems With Plain Text 1

Additional Reading

  • Facebook. In March 2019, it was revealed that over 20,000 employees had access to plain text user passwords. Thankfully, Facebook believed there was no malice resulting from this flub.

  • Large Power Utility. Discovered in February 2019. They'll conveniently even email you the plain text password.

  • The site haveibeenpwned.com has many other documented mistakes and is worth a skim.

User Table Vulnerability: SQL Injection

ND004 C03 L03 A03 SQL Injections 1

Mitigation Against SQL Injection

What are some steps we might take to minimize the risk of compromising our user tables?

SOLUTION:
  • Choose complex admin passwords for our databases
  • Use ORMs
  • Use input validation and sanitize any user submitted data
  • Use prepared or parameterized SQL statements
  • Store our backups as securely as our production databases
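As an added example (not part of the course material), the last two mitigations side by side in Python with the standard library's sqlite3 module: a lookup that concatenates user input into the SQL string, the same lookup with a parameterized statement, and an allowlist validator for usernames. The table, rows and the tautology input are constructed here for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: an in-memory users table, not a real application's.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def find_user_vulnerable(conn, username):
    # The 'before' form: the input is spliced into the SQL text, so a value
    # containing quotes can change the structure of the WHERE clause.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]

def find_user_parameterized(conn, username):
    # The hardened form: the SQL text is fixed and the value travels separately,
    # so the driver can only ever compare it as data, never execute it.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]

# Constructed allowlist policy for the input validation step; real policies vary.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_valid_username(username):
    # fullmatch rejects anything outside the allowlist, including quote characters.
    return USERNAME_RE.fullmatch(username) is not None

# Constructed input: closes the quoted literal and appends an always-true condition.
TAUTOLOGY_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(find_user_vulnerable(conn, TAUTOLOGY_INPUT))     # every row comes back
    print(find_user_parameterized(conn, TAUTOLOGY_INPUT))  # no such user: []
    print(is_valid_username(TAUTOLOGY_INPUT))              # False, rejected up front
```

Running the script shows the same input leaking the whole table through the concatenated query while the parameterized query returns nothing, and the validator rejecting it before it reaches the database at all.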

Plain Text Password Hippocratic Oath

QUESTION:

Type the following statement:
As a developer, it is my responsibility to take security seriously and not implement weak systems including storing plain text passwords.

SOLUTION:

NOTE: The solutions are expressed as RegEx patterns. Udacity uses these patterns to check the given answer.

Additional Resources