Geek Answers Handbook

Why would you ever want to store a text or encrypted (non-hashed) password in the database?

I have heard many reasons for storing hashed passwords in a database. However, there are almost always options in the authentication API for storing passwords in plain text or encryption.

Is there a reason why you would like to save the password as plain text or encrypted in the database?

Note To be clear, I know that storing non-hashed passwords is almost always bad . (as far as I know, one way or another). My question is why most authentication APIs include options for storing passwords in encrypted or plain text.

+5
source share
9 answers

The only real reason I can think of is when the database belongs to a system that itself targets the real application. For example, when you have programs that come into something for you (email clients, instant messaging clients, etc.). All of them must save the password in a renewable way to gain access, because the target application will not decide between the real user and the user using the tool. It was at this point that OAuth and alikes were made to save the user's password.

+6
source

One of the reasons I can think of is to allow the password recovery option. There is no way to recover a password that the system does not know.

, reset - .

+6

, , ? It'll be hilarious the first few times this happens.

+5

, - .

, , .

, . , , , . , . .

+1

1) , . , .

2) .

+1

:

, - , .. , "1" - .

- .

+1

, (, ). . - , . , , md5, . ( google ), .

. , . :)

0

.

gmail , Google, Google , Google , gmail.

, , , , " ".

0

"" , , , , , . - .

0

More articles:


All Articles