22
mcraz
8y

Once upon a time, in a proprietary e-commerce framework used by few hundred sites...

I just took over a project where the previous developer stored password in two separate fields.

password & password_visible

First was encrypted and used for authentication. Second was plaintext password and was shown in the admin panel.

Hope to meet this god someday, I'd sure ask why the hell did he use encrypted password for authentication anyway. 😂

Comments
  • 2
    I've seen PO asking for that functionality. It was explained with "If they have some problems we need to be able to log into thwir accounts to check it." :D (yeah, you can program functionality like "admin-relog-to-useracc" or just make second field called "admin-password" that admin can set (it will expire shortly) to temporarly login on that acc)
  • 4
    @Marqin my concern is why have a encrypted password field at all if you anyway store the naked one.
  • 2
    @mcraz That plaintext field might have been added later
Add Comment