Antipattern: Store Password in Plain Text
The frequent mistake in these kinds of password-recovery solutions is that the application allows the user to request an email containing their password in clear text. This is a dire security flaw related to the database design, and it leads to several security risks that could allow unauthorized people to gain privileged access to the application.
Letâs explore these risks in the following sections, assuming our example bug-tracking database has a table Accounts, where each userâs account is stored as a row in this table.
Storing Passwords
A password is typically stored in the Accounts table as a string attribute column:
| â | âCREATEâ âTABLEâ Accounts ( ... |
Get SQL Antipatterns, Volume 1 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
