Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^6: CGI MySQL insert/update special characters

by haukex (Archbishop)
on Mar 30, 2020 at 07:24 UTC ( [id://11114792]=note: print w/replies, xml ) Need Help??


in reply to Re^5: CGI MySQL insert/update special characters
in thread CGI MySQL insert/update special characters

The problem with digest authentication is that it requires the server to store a plaintext password or password-equivalent

Yes, good point as well. (I did say "at the very least" - but I should have made it clear that more advanced schemes would be much better.)

I consider the house embedded device LAN an isolated network ... Embedded devices often have really bad security anyway

Taking this point together with the above, I'm confused about the message, whether plaintext passwords are okay or not. When an embedded or proprietary device has limitations, then one might not be able to do anything about its security, sure. But anything else, personally I like to play it safe. And when it comes to recommendations to others, personally I'd very much avoid saying that plaintext passwords are okay (when they can be avoided, as in the context of this thread) - that's all I was trying to say.

  • Comment on Re^6: CGI MySQL insert/update special characters

Replies are listed 'Best First'.
Re^7: CGI MySQL insert/update special characters
by jcb (Parson) on Mar 31, 2020 at 03:43 UTC
    I'm confused about the message, whether plaintext passwords are okay or not.

    Then I will be more clear: plaintext passwords are NEVER acceptable across the open Internet.

    (And some embedded devices have "SSL" that is little better than plaintext anyway — if the RNG has only a 32-bit state variable, then 32 bits is probably the effective strength of the session key!)

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11114792]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2024-04-19 15:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found