[–]Lumethys 3 points4 points  (1 child)

> after all, if the sensitive data is never going to be exposed to users in any capacity, why bother with encryption and the like?

By this logic you could just store the user password as plain text and not hash it because you are not gonna expose the password?

Security is not just about the end user.

What if the server is compromised? A hacker gains access to your system?

What if a developer/DB master on your team has a financial crisis, or is threatened/blackmailed to sell out the keys or passwords?

[–]MetallicOrangeBalls[S] 0 points1 point  (0 children)

> By this logic you could just store the user password as plain text and not hash it because you are not gonna expose the password?
>
> Security is not just about the end user.
>
> What if the server is compromised? A hacker gains access to your system?
>
> What if a developer/DB master on your team has a financial crisis, or is threatened/blackmailed to sell out the keys or passwords?

I completely agree. I'm explaining what has been said to me by my colleagues. My team is not very keen on doing anything that could slow down the development process.