October 22nd, 2003, 12:54 PM
Legality: Storing user passwords in plain text format
I am building a customer login for a client's site (http://www.pitch-invasion.com). Now, he would like the following:
- His managers to be able to retrieve users' passwords
However, I am used to building such systems with md5 encrypted passwords, stored as a hash in a MySQL database. Of course, I COULD store his customers' passwords there in plain text format but I was wondering:
- Is this legal? Does the Data Protection Act (UK) specify that customer information should be stored as securely as possible?
- How much easier does it make the accounts to hack, having the passwords in plain text?
Many thanks in advance for any replies.
October 26th, 2003, 08:17 PM
I wouldn't mind knowing the answer to that as well. Did you find anything out?
November 4th, 2003, 05:32 PM
Clients *always* ask for this kind of thing! It's not their fault, they just don't realise how easy it is for a teenage hacksnot to cause irreparable damage to a website - and to the owner's business. I've had e-commerce clients ask me to mail credit card numbers to their wife's Yahoo account "to speed things up a bit".
The way I understand it, the developer would have to prove that he/she had taken all reasonable precautions to ensure the security of personal information so I'd guess that means you should always encrypt passwords!
It's worth remembering that if the site does get compromised, the client will be looking for someone to sue for damages and the obvious person is ... YOU! Just tell them some scary stories about hackers. Tell them that you will not accept a brief that specifies poor security measures and ask (politely but firmly) that they reconsider. If they absolutely insist and you still want to do the work then insist that they sign a legal disclaimer saying you can't be held responsible for password security. Then wait for them to get hacked, laugh in their faces and tell them what a bunch of know-it-all amateurs they are. Then charge double rate to fix the site the way it should have been done in the first place - with encrypted passwords.
Disclaimer: I'm a developer, not a lawyer. Don't take my word for it, ask a lawyer!
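Added example, not part of any post in this thread: one way to cover the "managers need access to accounts" requirement without storing recoverable passwords is a manager-issued, single-use reset token on top of salted password hashes. The in-memory USERS table, the function names and the use of scrypt in place of the md5 mentioned in the first post are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory stand-in for the users table (assumption, not the site's schema).
USERS = {}

def _kdf(password, salt):
    # Salted, deliberately slow KDF from the standard library, used here instead of bare md5.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def set_password(user, password):
    # Only the random salt and the derived hash are stored; the password is not.
    salt = secrets.token_bytes(16)
    USERS.setdefault(user, {}).update(salt=salt, pw_hash=_kdf(password, salt), reset=None)

def verify_password(user, password):
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw_hash"], _kdf(password, rec["salt"]))

def manager_issue_reset(user, ttl=900, now=None):
    # A manager cannot read the password, but can hand the customer a one-time token.
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a digest of the token, so a database leak does not expose live tokens.
    USERS[user]["reset"] = (hashlib.sha256(token.encode()).digest(), now + ttl)
    return token

def redeem_reset(user, token, new_password, now=None):
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if not rec or not rec.get("reset"):
        return False
    digest, expires = rec["reset"]
    supplied = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(digest, supplied):
        return False
    set_password(user, new_password)  # also clears the token, making it single-use
    return True

if __name__ == "__main__":
    set_password("alice", "correct horse")
    t = manager_issue_reset("alice")
    print(redeem_reset("alice", t, "new secret"), verify_password("alice", "new secret"))
```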