02. Problems with Plain Text
Video: Problems With Plain Text (ND004 C03 L03 A02)
Additional Reading
- Facebook. In March 2019, it was revealed that over 20,000 employees had access to plain text user passwords. Thankfully, Facebook believed there was no malice resulting from this flub.
- Large Power Utility. Discovered in February 2019: the utility will conveniently even email you your plain text password.
- The site haveibeenpwned.com documents many other such mistakes and is worth a skim.
User Table Vulnerability: SQL Injection
Video: SQL Injections (ND004 C03 L03 A03)
Mitigation Against SQL Injection
SOLUTION:
- Choose complex admin passwords for our databases
- Use ORMs
- Use input validation and sanitize any user submitted data
- Use prepared or parameterized SQL statements
- Store our backups as securely as our production databases
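Added example (not part of the course material) that puts the two mistakes from this lesson beside the fixes in the list above: a login that stores plain text passwords and builds its SQL by string formatting, next to one that binds user input with a parameterized statement and compares against a salted hash. The table names, user names and passwords are constructed placeholders.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware allows


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 of the password; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def make_db():
    """Constructed sample data: a legacy plain-text table and a hashed one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pw_hash BLOB)")
    for name, pw in [("alice", "correct horse"), ("bob", "hunter2")]:
        conn.execute("INSERT INTO legacy_users VALUES (?, ?)", (name, pw))
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, *hash_password(pw)))
    return conn


def login_legacy(conn, username, password):
    """Both mistakes at once: plain text passwords, and SQL assembled by string
    formatting, so the submitted values can rewrite the WHERE clause."""
    query = (f"SELECT username FROM legacy_users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Parameterized lookup (input is bound as data, never parsed as SQL) plus a
    constant-time comparison against the stored salted hash."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return username if hmac.compare_digest(candidate, stored) else None
```

Even if the legacy table held hashes, the string-built query would still be injectable; the two fixes address two separate defects.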
Plain Text Password Hippocratic Oath
QUESTION:
Type the following statement:
As a developer, it is my responsibility to take security seriously and not implement weak systems including storing plain text passwords.
SOLUTION:
NOTE: The solutions are expressed as RegEx patterns; Udacity uses these patterns to check the given answer.
Additional Resources
- Bandit CLI Wargame - This wargame helps you learn the CLI and security while you have fun!