
But since you can't guarantee that every programmer and contractor, including future ones, writes proper SQL, it's nice to reduce the attack surface a bit.


Reduce the attack surface by running the password through a proper modern Key Derivation Function (KDF) such as Scrypt before passing it to the database, not by running it through a few regexes.
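An added example, not part of either comment above: a sketch of the KDF-first approach using Python's `hashlib.scrypt`, showing that the value reaching the database is always 64 hex characters regardless of what the password contains. The cost parameters, table layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed cost parameters (not from the thread); tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2**14, 8, 1, 32


def derive(password: str, salt: bytes) -> str:
    """Return the scrypt digest as hex: fixed length, alphabet 0-9a-f only."""
    raw = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return raw.hex()


def register(db, user: str, password: str) -> None:
    salt = os.urandom(16)  # unique random salt per user
    # Still parameterized: the KDF is defense in depth, not a substitute.
    db.execute("INSERT INTO users(name, salt, pwhash) VALUES (?, ?, ?)",
               (user, salt.hex(), derive(password, salt)))


def verify(db, user: str, password: str) -> bool:
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    candidate = derive(password, bytes.fromhex(row[0]))
    return hmac.compare_digest(candidate, row[1])  # constant-time compare


def demo():
    """Store a constructed password full of SQL metacharacters."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(name TEXT PRIMARY KEY, salt TEXT, pwhash TEXT)")
    hostile = "' OR '1'='1'; --"  # constructed sample input
    register(db, "alice", hostile)
    stored = db.execute("SELECT pwhash FROM users").fetchone()[0]
    return db, hostile, stored


if __name__ == "__main__":
    db, hostile, stored = demo()
    print(stored, verify(db, "alice", hostile), verify(db, "alice", "guess"))
```

No character filtering is applied to the password at any point; the user keeps the full input space and the database only ever sees the salt and digest.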



