Researchers at the University of Bonn in Germany have found that developers tend to write code that stores user passwords in an unsafe manner, because that is easier than creating a more secure product.
The researchers conducted an experiment involving 43 programmers hired via the Freelancer.com platform, and found that developers need to be explicitly told to write code that stores passwords in a safe, secure manner.
The researchers asked the participants to use technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component of a website.
Only 15 of the 43 developers chose to implement salting, a process through which the encrypted password stored inside an application's database is made harder to crack with the addition of a random data factor.
In addition, 17 of the 43 developers copied their code from Internet sites, suggesting freelancers did not have the necessary skills to develop a secure system from scratch.
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
No entries found