SQL Injection Prevention
I was just wondering if PowerStore's code was written with SQL injection prevention in mind? I do see the Validated Field string in the admin log-in page. Will this prevent the dreaded " OR 1 " attack? I was also wondering if measures are included to prevent DB table deletions.
Lastly, I'm concerned about the DB security: when I looked at my database, I noticed that the user passwords are not encrypted. Can you provide some information about a secure method of storing and retrieving user passwords?
I tried to encrypt the user passwords table in MySQL, but of course, when the user retrieves their lost password, it's returned to the user in the encrypted format.
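
Added example, not part of the original post and not PowerStore's code: a Python sketch using an in-memory SQLite database (an assumption; the store in the post uses MySQL) that contrasts a concatenated login query with a parameterized one, and stores a salted PBKDF2 hash so that a lost password is reset rather than retrieved. The table, columns, function names, work factor and sample account are all constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    """Constructed sample data: one account stored both ways for comparison."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, plain_pw TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", "s3cret-sample", salt, hash_password("s3cret-sample", salt)))
    return db

def login_concatenated(db, name, password):
    """'Before': input becomes part of the SQL text; plaintext comparison."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND plain_pw = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    """'After': input is bound as data; only a salted hash is compared."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def reset_password(db, name, new_password):
    """A hash cannot be reversed, so 'lost password' sets a new one instead."""
    salt = os.urandom(16)
    cur = db.execute(
        "UPDATE users SET plain_pw = NULL, salt = ?, pw_hash = ? WHERE name = ?",
        (salt, hash_password(new_password, salt), name))
    return cur.rowcount == 1

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR 1 OR '"  # the "OR 1" style input from the question
    print("concatenated accepts it: ", login_concatenated(db, "admin", tautology))
    print("parameterized accepts it:", login_parameterized(db, "admin", tautology))
    print("reset succeeded:         ", reset_password(db, "admin", "new-sample-pw"))
    print("new password verifies:   ", login_parameterized(db, "admin", "new-sample-pw"))
```

In a real deployment the reset would be gated by a single-use, expiring token sent to the account's registered address, and the database account used by the application would lack `DROP` and other schema privileges.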