Repeat. Folks, for most implementations here there are basically 2 issues to consider (if we rule out man-in-the-middle attacks): (1) If your attack is from inside (i.e., someone has your database), you still need a…
I can do it even better. As long as it's being done on your own server, and you are only concerned with outside threats, then toss bcrypt over the side, and you can do that in 2 easy steps: [1] pause for 0.2 seconds…
I get so tired of this. Almost ALL of you are thinking with blinkers on. The password field of your website is not the only vulnerability! Most, of the time, an even bigger vulnerability is PEOPLE. People at your…
Let's cut to the chase. OP is right. cUrl is a shitty way to install software. All these other arguments are peripheral to the central issue, which is simply that cUrl is a shitty way to install software. Reasons have…
Repeat. Folks, for most implementations here there are basically 2 issues to consider (if we rule out man-in-the-middle attacks): (1) If your attack is from inside (i.e., someone has your database), you still need a…
I can do it even better. As long as it's being done on your own server, and you are only concerned with outside threats, then toss bcrypt over the side, and you can do that in 2 easy steps: [1] pause for 0.2 seconds…
I get so tired of this. Almost ALL of you are thinking with blinkers on. The password field of your website is not the only vulnerability! Most, of the time, an even bigger vulnerability is PEOPLE. People at your…
Let's cut to the chase. OP is right. cUrl is a shitty way to install software. All these other arguments are peripheral to the central issue, which is simply that cUrl is a shitty way to install software. Reasons have…