Why are passwords plain text in the database?

You are supposed to protect your server and if you use it as a workstation also, then use a separate account without access to SambaPOS database. Makes sense to me, but SambaPOS programmers might have other reasons.

Do you want the ability to recover them? Is Windows authentication not strong enough to secure it?

To be honest I would be more concerned with why someone had access to look at the database than I would be about the risk of them seeing the password as plain text.

It is all about privacy. The administrator should have access to the database, but it is better that he not be able to see his employees' passwords, so it is better to store them as a hash, and even better to have a salt.
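The salted-hash storage suggested in the post above, as an added example that is not part of the original thread and is not SambaPOS code. The record format, the function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor; tune it to what the POS hardware tolerates per login.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_pin(pin: str, *, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Build the value to store instead of the PIN itself.

    Hypothetical record layout: algorithm$iterations$salt_hex$hash_hex.
    A fresh random salt per user means two users with the same PIN
    end up with different stored records.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pin(pin: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", pin.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        # Malformed or tampered record: treat it as a failed login.
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample data: two staff members who picked the same PIN.
    staff = {"alice": hash_pin("1234"), "bob": hash_pin("1234")}
    for name, record in staff.items():
        print(name, record)
    print("alice enters 1234:", verify_pin("1234", staff["alice"]))
    print("alice enters 0000:", verify_pin("0000", staff["alice"]))
```

A PIN has few possible values, so this keeps PINs out of plain view in the table but does not replace access control on the database itself.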

They are not passwords. They are PIN numbers to access the POS. Your users have no personal info to protect. I think you're confusing a different security need. Privacy is not a concern in this situation, as it's controlled access to a specific function, not private information.

There is no personal information, this is true, but by having other employees' PIN codes someone could do malicious things. Whatever, it is @emre who makes the decision on this topic :smile:

I believe he has answered this before. I will search and see if I can find it.

EDIT: Cannot seem to find it; however, it was very similar to my response here.

I really do not see how the administrator having other users' PINs would lead to malicious things.