<ol>
<li>Meebo to Piskvor: Give me your IM password, I'll log in for you.</li>
<li>Piskvor to Meebo: It's "12345".</li>
<li>Meebo to IM: Hello, I'm "Piskvor"; to prove it, my password is "12345"</li>
<li>IM to Meebo: Hello, you are indeed "Piskvor"; there's also a message for you from user "average".</li>
<li>Meebo to Piskvor: There's a message for you from user "average".</li>
<li>(etc)</li>
</ol>
<p>Take note of lines 2 and 3. In order to do #3, Meebo needs your password; (unless there's some cooperation between the IM provider and Meebo (which is possible but unlikely)) it has, at some point between those lines, your plaintext password.</p>
<p>Congratulations, you no longer have complete control over your IM account; as far as the IM service cares, Meebo <strong>is</strong> you.</p>
<p>In other words: do you trust Meebo not to abuse your password? Do you trust Meebo to protect your password? Do you trust that Meebo won't be hacked and your password stolen? As far as I see, there's no way to tell (unless you're Meebo, which you're not).</p>
<p>It boils down to this: <strong>do you trust Meebo's promises?</strong></p>
<p>Here's my $0.02: Convenient? Check. Horribly insecure? Check.</p>
<hr>
<p>Oh, and to answer the question in the title: best practice would be "encrypt the password, don't keep the plaintext anywhere (any longer than absolutely necessary)". However, I've seen too many databases with plaintext password fields; some businesses apparently see encryption as a waste of effort until Something Really Bad Happens. Does Meebo? I don't have a way to tell.</p>
 
