I've recently been given access to a mySQL database which will sit behind a website designed to allow people to register their interest in a given subject and provide further information about themselves. Of course the password is hashed/salted, but both the answers to the security questions are stored in clear text. When I questioned this I was told that the website couldn't retrieve the answers if they were hashed, and since the same website is used by the helpdesk to verify peoples details if they contact them it is necessary for the helpdesk staff to be able to read the answers.
I am completely new to the security/website interaction side of things, so I don't even know where to start querying this. So my questions are as follows:
Is it likely that there is a technical issue that prevents the site from dealing with hashed information (I'm told the website has been developed in Google Apps)?
Where can I find resources that will help me argue for the further development of the site/app so that it can deal with hashed information?
Am I just being paranoid?
Thanks,
Anne
PS I hope this is the right forum for this, otherwise please let me know and I'll remove the post (that's how new I am to this), same goes for editing tags.
Asked by AnneB
(11 rep)
May 23, 2014, 10:35 AM