DEV Community


Discussion on: Facebook's plain password storage - how was this possible?

danehrlich1 profile image
Dan E

Almost no one does masking or protecting of their log files data (but they should). Another thing no one does is escape their logging data. So it’s very easy to say pass Linux commands to a website via a form that you know are going to be logged, and by logging that data the server can inadvertently trigger executable remote code...which pretty much means they are pwned.