{"id":1224,"date":"2011-06-10T18:31:04","date_gmt":"2011-06-10T10:31:04","guid":{"rendered":"http:\/\/www.alfredivy.per.sg\/blogger\/?p=1224"},"modified":"2015-11-15T13:38:11","modified_gmt":"2015-11-15T05:38:11","slug":"password-security","status":"publish","type":"post","link":"https:\/\/www.alfredivy.sg\/blogger\/2011\/06\/password-security\/","title":{"rendered":"Password security"},"content":{"rendered":"<p>This is a very simple rule in application security.<\/p>\n<p>Never ever save a user password in the clear.<\/p>\n<p>Quite simple, right?\u00a0 No matter where it is stored, ultimately it needs to be opened for reading or backup.<\/p>\n<p>If you need to save the user password, use a strong one-way <a href=\"http:\/\/en.wikipedia.org\/wiki\/Cryptographic_hash_function#Cryptographic_hash_algorithms\" target=\"_blank\">hash algorithm<\/a> and save the hash.\u00a0 All you need to do on authentication is to compare hashes. Simple?<\/p>\n<p>Some people don&#8217;t get it.\u00a0 Engadget reported that some mobile applications, or apps, store passwords in the clear.<\/p>\n<p>Read about it <a href=\"http:\/\/www.engadget.com\/2011\/06\/09\/netflix-foursquare-and-linkedin-android-apps-expose-your-passw\/\" target=\"_blank\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a very simple rule in application security. Never ever save a user password in the clear. Quite simple, right?\u00a0 No matter where it is stored, ultimately it needs to be opened for reading or backup.
If you need&hellip; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[237],"tags":[],"class_list":["post-1224","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/1224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/comments?post=1224"}],"version-history":[{"count":8,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/1224\/revisions"}],"predecessor-version":[{"id":1276,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/1224\/revisions\/1276"}],"wp:attachment":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/media?parent=1224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/categories?post=1224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/tags?post=1224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}