I had a recent discussion about web app security and we were talking about the not-so-distant past when SQL injection was the scariest thing since polio. 90% of these attacks didn’t try to return everyone’s credit card information from a database (people knew pretty early to be careful when storing this stuff); they were attempts to simply return a username and password. I wanted to go over a simple method for guarding against password retrieval that should be second nature for any developer.