| cheesefood 2004-06-11, 7:15 pm |
| When my company had their website developed, they used a development company to
create and host the site.
I took over the responsibility. Recently I was given database access on our
website and I found something that shocked me: Not only do I have access to
our database, I have access to every database for every website they host or
develop. Out of curiosity, I poked my nose around and was shocked by the
amount of user names and passwords that I'm able to easily access. Some of the
user names and passwords are for members of professional sports organizations
and banks!
Is my hosting company being sloppy? Should they have everything restricted or
is this not possible? How about encrypting the passwords in their tables? I'm
planning on discussing this with my IT department and talking to the hosting
company about this, but I'd like some opinions on the feasability of making the
databases more secure before I begin the dialogue.
|