November 4th, 2003, 05:32 PM
|
|
Contributing User
|
|
Join Date: Nov 2003
Posts: 42
Time spent in forums: < 1 sec
Reputation Power: 5
|
|
|
Clients *always* ask for this kind of thing! It's not their fault, they just don't realise how easy it is for a teenage hacksnot to cause irreparable damage to a website - and to the owner's business. I've had e-commerce clients ask me to mail credit card numbers to their wife's Yahoo account "to speed things up a bit".
The way I understand it, the developer would have to prove that he/she had taken all reasonable precautions to ensure the security of personal information so I'd guess that means you should always encrypt passwords!
It's worth remembering that if the site does get compromised, the client will be looking for someone to sue for damages and the obvious person is ... YOU! Just tell them some scary stories about hackers. Tell them that you will not accept a brief that specifies poor security measures and ask (politely but firmly) that they reconsider. If they absolutely insist and you still want to do the work then insist that they sign a legal disclaimer saying you can't be held responsible for password security. Then wait for them to get hacked, laugh in their faces and tell them what a bunch of know-it-all amateurs they are. Then charge double rate to fix the site the way it should have been done in the first place - with encrypted passwords.
Disclaimer: I'm a developer, not a lawyer. Don't take my word for it, ask a lawyer!
|
Dev Shed Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
