Home » Featured » Torepublic Hacked, DB Leaked
Click Here To Hide Tor

3 comments

  1. Forum will be back soon :)

  2. I dont get why so many of these sites have databases in the clear.

    I have been working on a few new DN sites and the first thing I did was write an encrypt and decrypt function to handle all the database entries. Encrypts them using openssl’s AES128 encryption.
    My thoughts are that if someone gets the DB through an SQL injection it will be useless.

    It was trivial enough to implement so I am wondering why others are not doing it.

    • Mr. Bear

      Or why they store things they don’t really need for longer than necessary.

      a) smaller faster database

      b) if it is compromised the attacker gets less data

      @VI

      But what if someone gets in via a root exploit? They can grab the key too. Or if someone has access to the hw? Idk about how you implemented it but it could be accessible via other exploits too. Also, why would anyone even let anything entered by the user even touch the database without sanitising it first.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *