Antipattern: Store Password in Plain Text
Understand the risks of storing passwords in plain text within databases. Explore common security flaws and learn how such practices expose user credentials to attackers through methods like network interception, query logging, and email exposure. Discover why sending unencrypted passwords by email is unsafe and gain insight into securely managing passwords to prevent unauthorized access.
A frequent mistake found in password-recovery solutions is that the application allows the user to request an email containing their password in plain text. This is a dire security flaw related to the database design, and it leads to several security risks that could allow unauthorized people to gain privileged access to the application.
Let’s explore these risks in the following sections. We will assume that our example bug-tracking database has a table Accounts in which each user’s account is stored as a row of the table.
Storing passwords
A password is typically stored in the Accounts table as a string attribute column:
We can create an account ...
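To make the flaw concrete, here is an added example (not the page's own code) built on an in-memory SQLite database. The first half reproduces the antipattern: an `Accounts` table whose `password` column holds the plain string, so any query, query log or backup reveals it. The second half shows the usual remedy: store a per-account random salt and a PBKDF2 hash instead, and verify a login by recomputing the hash rather than ever reading a password back. The column names `account_name`, `email`, `password_salt` and `password_hash`, the sample user "bill" and the iteration count are all constructed assumptions for the demonstration, not values from the original text.

```python
import hashlib
import hmac
import os
import sqlite3

# --- The antipattern: password kept as a plain string column ---------------

def build_plaintext_accounts() -> sqlite3.Connection:
    """Constructed sample database mirroring the table the text describes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts ("
        "  account_id   INTEGER PRIMARY KEY,"
        "  account_name VARCHAR(20)  NOT NULL,"
        "  email        VARCHAR(100) NOT NULL,"
        "  password     VARCHAR(30)  NOT NULL)"   # the flaw: plain text
    )
    conn.execute(
        "INSERT INTO Accounts (account_name, email, password) VALUES (?, ?, ?)",
        ("bill", "bill@example.com", "xyzzy"),   # constructed sample row
    )
    return conn


def plaintext_password_for(conn: sqlite3.Connection, account_name: str):
    """Anyone who can run this query, or read it in a query log, sees the secret."""
    row = conn.execute(
        "SELECT password FROM Accounts WHERE account_name = ?", (account_name,)
    ).fetchone()
    return row[0] if row else None


# --- The remedy: store a salted one-way hash, never the password ------------

# Assumption: work factor for PBKDF2-HMAC-SHA256; kept modest so the example
# runs quickly. Raise it for production use.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def build_hashed_accounts() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts ("
        "  account_id    INTEGER PRIMARY KEY,"
        "  account_name  VARCHAR(20)  NOT NULL,"
        "  email         VARCHAR(100) NOT NULL,"
        "  password_salt BLOB NOT NULL,"
        "  password_hash BLOB NOT NULL)"
    )
    return conn


def create_account(conn: sqlite3.Connection, account_name: str, email: str, password: str) -> None:
    salt = os.urandom(SALT_BYTES)          # fresh random salt per account
    conn.execute(
        "INSERT INTO Accounts (account_name, email, password_salt, password_hash)"
        " VALUES (?, ?, ?, ?)",
        (account_name, email, salt, hash_password(password, salt)),
    )


def verify_password(conn: sqlite3.Connection, account_name: str, candidate: str) -> bool:
    """Recompute the hash from the candidate; the stored password is never needed."""
    row = conn.execute(
        "SELECT password_salt, password_hash FROM Accounts WHERE account_name = ?",
        (account_name,),
    ).fetchone()
    if row is None:
        # Do the same amount of work for unknown accounts so response time
        # does not reveal whether the account exists.
        hash_password(candidate, b"\x00" * SALT_BYTES)
        return False
    salt, stored_hash = row
    return hmac.compare_digest(stored_hash, hash_password(candidate, salt))


def stored_password_column(conn: sqlite3.Connection, account_name: str) -> bytes:
    """What a query against the hardened table actually returns: a hash, not the password."""
    row = conn.execute(
        "SELECT password_hash FROM Accounts WHERE account_name = ?", (account_name,)
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    leaky = build_plaintext_accounts()
    print("plain-text column reveals:", plaintext_password_for(leaky, "bill"))

    safe = build_hashed_accounts()
    create_account(safe, "bill", "bill@example.com", "xyzzy")
    print("hashed column holds:", stored_password_column(safe, "bill").hex())
    print("login with right password:", verify_password(safe, "bill", "xyzzy"))
    print("login with wrong password:", verify_password(safe, "bill", "XYZZY"))
```

Note that with the hashed design a "send me my password" recovery email is impossible by construction, because the application no longer has the password to send; recovery has to be a reset flow instead.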