> It's only dangerous if a customer can trick your web frontend
> into displaying the output of "SELECT * FROM USERS", for
> example. If the frontend only uses hardcoded queries, or
> quotes every user-supplied parameter, there's no problem. In
> fact, you need the password in plaintext to s
Yes.
1. Read the manual sections concerning setting up new accounts with special emphasis
on passwords.
2. When you thoroughly understand those matters, take the issue to the system
administrator and/or management.
hth,
Doug
Only two things are infinite, the universe and human stupidity, an
In the last episode (Dec 12), James McLaughlin said:
> The new programmer for our company is not using the dataType
> "password" or any encryption what so ever for our user accounts
> (accounts that our customers use for getting into our system) in our
> database.
>
> Instead he is using the VarC
it's not all that dangerous. it just means that you can read your users'
passwords. anyone who can read that db table can become any of your
users. password fields are just another safeguard against a "just in case
someone gets read access to this" scenario. they also serve to provide
more pr
