Why Are Some Websites Still Not Using A Salted Model When It Comes To Their Database?

While none of us like to think that we are, we all have a little bit of laziness inside of us. Even those of us who are considered hard workers will take some time and try to figure out how to get their work done faster and more efficiently. It is just in our nature as human beings. We are, at our core, people who try to better our station in life even if it is just by doing the little things. So it is not a surprise to see laziness catch up to people who are supposed to know better.

salted-model

And when it comes to being a programmer you know that you have to be careful these days. When you were a programmer in the past your main concerns were worrying about the lower levels of the machine. Programming languages were not as high level then and you didn’t have the luxury of being able to write a program as quick as you can now. But you also didn’t have to worry about security in those days either. There were very few people with internet connection or even a networked connection so security was not on the minds of most programmers when they created their products. But now we live in a different era and security is something that you have to think about all of the time. If you do not think about it then you are putting your program and your customers in harms way.

So now when a programmer creates an application, he has to have more of a social aspect when he is writing his program. When we say social we do not mean he has to think about websites like Facebook and Twitter. When we say social we mean that he has to put some thought into what other people might try to do with his application. How are they going to use it and are they going to try to abuse it? This goes for both web and desktop apps. That is why it is up to the programmer to learn good security practices along with learning the syntax of a language. It is not just enough to be able to create in your language of choice anymore, you have to be able to protect as well.

This is why if you deal with databases either through the web or embedded; you should learn how to salt your application. What this means is that you add extra data to what the username and password actually is. Even the end user who created the password will not know what you put in there.

Salting your passwords helps solve two different problems. It allows you to make the end user data a certain length, which always makes it harder to run an automated brute force attack. And it allows you to enforce good password making practices for your end user. If they come up with a weak password, you always have the data that you added to make it that much stronger. This helps take the pressure off of the end user when it comes to providing a good strong password.

If you are a programmer then there is no excuse for you not to learn good programming security practices at this point. It does not matter how big or small your program is, do not think that you are the one who is going to be exempt from the bad guys going after you.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*