[Soft Where It Hurts] [AppFuse Line-by-Line] Do the "benefits" of encrypting user passwords within your database outweigh the grief?
AppFuse encrypts user passwords in the database using SHA by default. This means that my users can rest easy that I can't see their passwords.
However, it also means that I am not able to log in to my own site as one of my users for debugging purposes. And it means that I can't send a user their lost password; I can only generate a new one -- and then somewhat ironically email it to them in plain text! I can't see their password, but anyone sniffing email between me and them can.
Yes, I can send it without their username, but if Alanis Morissette can define ironic however she wants to, then so can I.
Do the sites you register at encrypt your password in their database? Do you even know? Do you care? I know that I've never told my users, one way or the other. I am trying to remember if any site has told me.
We all have so many usernames and passwords that it's unmanageable. To alleviate the pain, we sometimes use the same username and password at multiple sites. By doing so, though, there is the risk that one site's personnel will use your account to log in at another site. But how significant is that risk?
It is a significant risk:
- if they can guess which other site you might be registered at
- if they have access to their own site's database
- if their passwords are stored in clear text
- if you used the same username and password
- if it ever even occurs to them to do this
- if your account happens to be one that they try
- if there is even any damage they can do. I don't use the same password for TheServerSide.com that I do for PayPal.
What do you think about the pros and cons of encrypting passwords within your database? I'm sure it depends a lot on the nature of your data, who has access to your database, etc. As a developer, do you have access? As a user, do you care who can see your password?