I have been making a website to give as a present for my sister. It was a learning experience. I had to get to grips with Apache, PHP, MySQL and CSS, none of which I was familiar with. I do have a good SQL and programming basis, though, so I was able to get to grips with it fairly easily. I also registered a domain name. It was 4.84 EUR (5.84 USD) for a .net name for a whole year! For those interested, I got it here.
On a side note, PHP is a dream to work with. I found it very flexible and was able to do some nice things, like using JPGraph. Also, coding HTML and leaving almost all of the layout issues to CSS made for easy going.
Anyway, back on track. So I made a website for my pregnant sister. She is three and a bit months along now and I was asked to be godfather. This spurred me on. I decided to make a website where people could register, log in and vote on what the gender and date of birth would be. There was also to be a guestbook. All the data nicely being stored in the database.
I made everything from scratch, didn't download any scripts. And so when it came to registering, I just did the usual checks and then pumped it all into the database, cleartext.
Meanwhile, 11 people have logged in and voted. Curious as I was, I had a look at the database and saw all the passwords people were using. And I saw their email addresses.
I am certainly not a malignant webmaster, but I checked to see if people would actually use the same password everywhere. I shouldn't have been surprised, but of the 11 so far registered users about 4 of them used the same password for my site as their email.
I realise that in register scripts the passwords would first be made into an MD5 hash and then entered into the database. This would probably be the case for most reputable sites.
I wonder though, how many less scrupulous webmasters have actually snooped around other people's emails, perhaps even taking information from them and using it to their advantage?
This is quite an obvious thing I am stating of course, passwords have to be stored somewhere and the databases have to be administered. But seeing it for real is another kettle of fish...
So beware!
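The storage step described in the post, as an added example that is not the author's code: the cleartext insert beside a version using PHP's built-in `password_hash()` and `password_verify()`, which replace the MD5 step the post mentions with a salted, deliberately slow hash. In-memory SQLite stands in for MySQL, and the table, column names and sample accounts are constructed.

```php
<?php
// Added example, not the site's code. In-memory SQLite stands in for MySQL;
// the users table, its columns and the sample accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

// What the post describes: the password goes into the row exactly as typed.
function register_cleartext(PDO $db, string $email, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    $stmt->execute([$email, $password]);
}

// Hardened form: only a salted, slow hash ever reaches the database.
function register_hashed(PDO $db, string $email, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

function login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !password_verify($password, $stored)) {
        return false; // unknown account or wrong password
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE email = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

register_cleartext($db, 'aunt@example.net', 'Sunshine1');
register_hashed($db, 'uncle@example.net', 'Sunshine1');

// What anyone with access to the database sees for each account.
foreach ($db->query('SELECT email, password FROM users') as $row) {
    echo $row['email'], ' => ', $row['password'], PHP_EOL;
}
var_dump(login($db, 'uncle@example.net', 'Sunshine1')); // correct password
var_dump(login($db, 'uncle@example.net', 'sunshine1')); // wrong password
```

Both accounts use the same password, yet only the cleartext row reveals it to whoever administers the database; the hashed row differs on every registration because of the per-password salt.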