
How is it that databases of password hashes can be stolen in the first place? It seems that you need a pretty severe firewall and server breach for that to occur.



Usually because the password database is able to be compromised by some code injection bug (e.g. SQLi). In order to prevent this you should be using a library that makes it impossible to mix code and input data like that.


My guess would be via some kind of SQL injection.
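
Added example, not part of the thread above: a search query built by string concatenation next to the same query with a bound parameter, run against a constructed in-memory SQLite database, showing why mixing code and input exposes the hash table without any firewall or server breach. The table names, function names, hash strings and the crafted input are all hypothetical values made up for this illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database: a public table and a credentials table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, pw_hash TEXT);
        INSERT INTO products VALUES ('widget', '9.99'), ('gadget', '19.99');
        INSERT INTO users VALUES ('alice', 'constructed-hash-1'),
                                 ('bob', 'constructed-hash-2');
    """)
    return db

def search_concat(db, term):
    # Vulnerable: the input becomes part of the SQL text, so it can
    # rewrite the statement instead of only supplying a value.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_param(db, term):
    # Hardened: the statement text is fixed; term is bound as data only.
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

# Constructed input of the kind a product search box might receive.
CRAFTED = "x' UNION SELECT username, pw_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", search_concat(db, CRAFTED))  # rows from users
    print("parameterized:", search_param(db, CRAFTED))  # no rows
    print("normal use:", search_param(db, "widget"))
```

The web application's own database credentials are what read the `users` table here, which is why the rows leave through the normal HTTP response.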



