Question In the event your user authentication database becomes public, what are some of the consequences...
Question
In the event your user authentication database becomes public, what are some of the consequences for your users if your users’ passwords were stored as plaintext? Describe how you could have reduced the severity of such an event occurring.
Homework Answers
To make it simple, if passwords are in plain text, the security would be compromised by anyone having a glance at it.
Now, you need to remember that website log-in isn't the only access to a database. An attacker might be able to get some information from your database in various ways.
First you need to know that it happens. And a hacker typically won't leave a note saying "hey there, I was here, thanks for the data!". So unless you get to know about it, you can't change your password.
Now let's say that there are more users on your system/website. If you get to know about it, you need to inform all the others. How long would it last between the breach, you getting to know about it, you informing your users, covering the hole, and everyone having changed their passwords?
And if your system is open to the public, you can't rely on users not reusing the same passwords. So not only your lack of security compromised their account on your system, they may compromise their other accounts elsewhere.
Why should not passwords be stored in plaintext?
There are 2 main reasons:
-
If a database dump is obtained, attackers can simply login with the plain-text password in the dump. If the passwords were hashed, the password would first need to be brute-forced.
-
Lots of users reuse passwords, as bad an idea as it is, so your security failure could compromise other systems too.
If I'm a hacker and having access to database, it's unimportant, if the password is secure or not, because a password can be changed
That's only if you get write-access to the database. If you have obtained read-only access, or acquired a backup of the database, you would be able to login with the existing password, but not edit the live database. If the password were properly hashed and salted, you would have to brute-force it first, which if unique and well-secured would be infeasible.
In order to avoid such scenarios, we should always hash and encrypt the user passwords and then store them in database.
Add Answer to:
Question
In the event your user authentication database becomes public,
what are some of the consequences...
Java Netbeans code Option 1: Authentication System For security-minded professionals, it is important that only the...
Java Netbeans code Option 1: Authentication System For security-minded professionals, it is important that only the appropriate people gain access to data in a computer system. This is called authentication. Once users gain entry, it is also important that they only see data related to their role in a computer system. This is called authorization. For the zoo, you will develop an authentication system that manages both authentication and authorization. You have been given a credentials file that contains credential...
Based on your understanding of “Public Trustee Obligations” what were some of the concerns of the...
Based on your understanding of “Public Trustee Obligations” what were some of the concerns of the fairness doctrine and that it might chill speech? With respect to the chill, could this concern have been mitigated (reduced or avoided) by the adoption of a new, more detailed fairness doctrine that gave licensees clear touchstones as to which broadcasts would (and would not) trigger fairness doctrine obligations? Discuss.
Option 1: Authentication System For security-minded professionals, it is important that only the appropriate people gain...
Option 1: Authentication System For security-minded professionals, it is important that only the appropriate people gain access to data in a computer system. This is called authentication. Once users gain entry, it is also important that they only see data related to their role in a computer system. This is called authorization. For the zoo, you will develop an authentication system that manages both authentication and authorization. You have been given a credentials file that contains credential information for authorized...
Does a wizard function allow the user to enter or modify data in the records? Select...
Does a wizard function allow the user to enter or modify data in the records? Select Yes or No. A) Yes B) No What are procedures that help keep a database current? A) Database query procedures B) Report generation procedures C) File maintenance procedures D) Data entry procedures What is one advantage of using a relational database over a spreadsheet or flat file to store data? A) It allows for reduced complexity in the design and implementation. B) It enables...
The Question: If you take a look at the syllabus, one of the goals of the course is basically to make you knowledgeable about how to defend your own computers, online privacy, etc. This is especially...
The Question: If you take a look at the syllabus, one of the goals of the course is basically to make you knowledgeable about how to defend your own computers, online privacy, etc. This is especially true for emerging issues. That is, things that might come up in the future what we didn’t cover in the course. So, in that spirit this question takes a topic that we have not covered, and asks you to look into it and answer...
After reviewing AWS pricing models on the AWS web site, prepare an estimate for a monthly database environment running on AWS. Be sure to make some assumptions of your own regarding: - Number of datab...
After reviewing AWS pricing models on the AWS web site, prepare an estimate for a monthly database environment running on AWS. Be sure to make some assumptions of your own regarding: - Number of database environments (for example production, test and development) - Brand of database selected (examples are listed in RDS offering that we studied a few weeks ago) - Volume of data (storage) - Number of users - Amount of database activity (input/output activity) - Cost if you...
Your project will require you to develop a database design to solve a real-life data management...
Your project will require you to develop a database design to
solve a real-life data management problem. It can be any problem in
your work environment or for another organization, for example, a
bookstore (think of how Amazon uses databases), a course management
system (think of how a university manages courses), a bank (think
of how your bank works), and an online auction site (think of how
Ebay works). You will develop a database to solve this problem
You will...
What would be a scholarly definition for the term, public goods? Can you provide some source"s...
What would be a scholarly definition for the term, public goods? Can you provide some source"s of public goods, possibly two examples? Can public goods be offered by the private sector? Public sector? How could you defend this or your answer to the questions above?
You and your colleague develop a proposal for migrating your department's resources to a public cloud...
You and your colleague develop a proposal for migrating your department's resources to a public cloud and then present it to the department's IT services director. he is immediately concerned about security. Some of the data derived from experiments, including gene sequencing information, is stored on your server's hard disks and is strictly confidential. a data leak would lead to great embarrassment, and possibly lawsuits. Not only that, but the IT services director believes that if data were stolen from...
share your thoughts on what you think are some examples in public health where there was...
share your thoughts on what you think are some examples in public health where there was breakthrough improvement? How did creativity and innovation come into play?
Your project will require you to develop a database design to
solve a real-life data management problem. It can be any problem in
your work environment or for another organization, for example, a
bookstore (think of how Amazon uses databases), a course management
system (think of how a university manages courses), a bank (think
of how your bank works), and an online auction site (think of how
Ebay works). You will develop a database to solve this problem
You will...
Most questions answered within 3 hours.
-
Little’s Law: Val d’Costa is a world famous ski village in the
French Alps. Because of...
asked 1 minute ago -
Find the absolute error D for the calculation if A + B/C=D A=
9.4 +/- 0.4...
asked 15 minutes ago -
New Air Heating and Cooling, manufactures furnaces and central
air units. The company pride itself on...
asked 28 minutes ago -
A coach uses a new technique to train gymnasts. Seven
gymnasts were randomly selected and their...
asked 2 hours ago -
While rotating the tires on your car you notice a rock [mass =
0.1 Kg] stuck...
asked 4 hours ago -
Using MARS simulator, write MIPS programs according to
the following scenarios: Receive a positive integer number...
asked 6 hours ago -
An object in front of a concave mirror has a real image that is
11.5 cm...
asked 6 hours ago -
Consider the reaction, C3 H8 + O2 --> CO2 + H2O. How many
moles of O2...
asked 8 hours ago -
You and your opponent both roll a fair die. If you both roll the
same number,...
asked 8 hours ago -
In a study of the accuracy of fast food drive-through orders,
Restaurant A had 257 accurate...
asked 8 hours ago -
Identify and describe in detail the four categories of
institutions that could be included in a...
asked 8 hours ago -
In python
class Customer:
def __init__(self, customer_id, last_name, first_name, phone_number, address):
self._customer_id = int(customer_id)
self._last_name =...
asked 8 hours ago