SQL Antipatterns, Volume 1

by Bill Karwin
October 2022
Intermediate to advanced
380 pages
9h 35m
English
Pragmatic Bookshelf
Content preview from SQL Antipatterns, Volume 1

Antipattern: Store Password in Plain Text

The frequent mistake in these kinds of password-recovery solutions is that the application allows the user to request an email containing their password in clear text. This is a dire security flaw related to the database design, and it leads to several security risks that could allow unauthorized people to gain privileged access to the application.

Let’s explore these risks in the following sections, assuming our example bug-tracking database has a table Accounts, where each user’s account is stored as a row in this table.

Storing Passwords

A password is typically stored in the Accounts table as a string attribute column:

 CREATE TABLE Accounts (
  account_id ...
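As an added example that is not part of the book's preview, here is the plain-text Accounts table beside a salted-and-hashed version and the queries that go with it; the column names and the use of MySQL 8's RANDOM_BYTES and SHA2 functions are assumptions, not the book's own code.

```sql
-- Added example (not from the book), MySQL 8 syntax assumed.

-- Antipattern: the password column holds exactly what the user typed.
-- Anyone with SELECT on the table, a backup, or a query log can read it,
-- which is what makes "email me my password" possible in the first place.
CREATE TABLE Accounts_plaintext (
  account_id    SERIAL PRIMARY KEY,
  account_name  VARCHAR(20) NOT NULL,
  email         VARCHAR(100) NOT NULL,
  password      VARCHAR(30) NOT NULL
);

-- Hardened: keep only a per-account random salt and the salted hash.
-- The original password cannot be recovered from these columns, so the
-- application verifies logins by recomputing the hash instead.
CREATE TABLE Accounts (
  account_id    SERIAL PRIMARY KEY,
  account_name  VARCHAR(20) NOT NULL,
  email         VARCHAR(100) NOT NULL,
  salt          BINARY(16) NOT NULL,   -- fresh random bytes for every account
  password_hash CHAR(64) NOT NULL      -- hex SHA-256 of salt || password
);

-- Create an account: the salt is generated once and stored next to the hash.
SET @salt = RANDOM_BYTES(16);
INSERT INTO Accounts (account_name, email, salt, password_hash)
VALUES ('bill', 'bill@example.com', @salt, SHA2(CONCAT(@salt, 'xyzzy'), 256));

-- Verify a login attempt: recompute with the stored salt and compare.
-- Returns one row when the submitted password is correct, zero rows otherwise.
SELECT account_id
  FROM Accounts
 WHERE account_name = 'bill'
   AND password_hash = SHA2(CONCAT(salt, 'xyzzy'), 256);

-- Password recovery without ever sending a password: issue a short-lived,
-- single-use token and let the user set a new password with it.
CREATE TABLE PasswordResetRequest (
  token       CHAR(32) PRIMARY KEY,    -- random and unguessable
  account_id  BIGINT UNSIGNED NOT NULL,
  expires_at  TIMESTAMP NOT NULL,
  FOREIGN KEY (account_id) REFERENCES Accounts(account_id)
);
```

Hashing inside the SQL statement still puts the plain-text password in the query text, where the general or binary log may record it; hashing in the application with a deliberately slow algorithm such as bcrypt or Argon2 avoids that and resists offline guessing better than a single SHA-256.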


ISBN: 9798888650011