• jaybone@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    5 days ago

    Now that I’m thinking about this it’s bugging me too. If they are passing it to shell scripts maybe it’s interpreted as a comment? Some databases like Oracle use # to separate schema prefix from schema user and table name in a query? But none of those would really make sense here 🤷

    EDIT they are storing it in plain text, with other values using # as a delimiter? lol

    • Dave@lemmy.nz
      link
      fedilink
      arrow-up
      1
      ·
      5 days ago

      I considered database stuff, but my password shouldn’t go anywhere near the database!

      If they are storing it as plain text in this day and age, then there is no hope for the human race 🤦

      • ViatorOmnium@piefed.social
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 days ago

        “Shouldn’t” and “won’t” are too very different words. There are plenty of shitty programmers out there, and they tend to band together. And now you have vibe coders on top.

        • Dave@lemmy.nz
          link
          fedilink
          arrow-up
          2
          ·
          5 days ago

          Based on the place (a supermarket rewards card), I’m assuming legacy code. But you’re right, the most likely answer is it’s shitty legacy code.

          • trxxruraxvr@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            5 days ago

            Doesn’t even have to be legacy, some programmers are just completely unaware of the concept of security. I’ve seen services where the forgot password functionality would send your existing password back to you in plaintext.