Taking into mind that email addresses extracted out of hacked databases is one of the main spam industry seeders, I always wonder why web application developers don't consider encrypting emails the same way they consider encrypting password! Once a hacker has full access to a database, an encrypted password becomes like locking the door while keeping the window open!
Say a user has an account in some discussion forum, that uses an open source, or visible-source software. She has about 5000 posts in which she has expressed her personal opinions on just about many things. Now what a hacker has to do is to dump the database into a local server running the same software, and begin analyzing the data, creating well-crafted lists of "potential customers" for which he's going to deliver very well-targeted mailing newsletters! Regards, Usamah -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
