How to refuse to give an access to passwords to a customer without being unprofessional or rude?

Posted by MainMa on Programmers See other posts from Programmers or by MainMa
Published on 2012-06-02T09:44:47Z Indexed on 2012/06/02 10:50 UTC
Read the original article Hit count: 285

Filed under:

security

|

customer-relations

Let's say you're creating a website for a customer. This website has its own registration (either combined with OpenID or not). The customer asks you to be able to see the passwords the users are choosing, given that the users will probably be using the same password on every website.

In general, I say:

either that it is impossible to retrieve the passwords, since they are not stored in plain text, but hashed,
or that I have no right to do that or that administrators must not be able to see the passwords of users, without giving any additional details.

The first one is false: even if the passwords are hashed, it is still possible to catch and store them on each logon (for example doing a strange sort of audit which will remember not only which user succeeded or failed to logon, but also with which password). The second one is rude.

How to refuse this request, without being either unprofessional or rude?

© Programmers or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about customer-relations

When should complexity be removed?

as seen on Programmers - Search for 'Programmers'
Prematurely introducing complexity by implementing design patterns before they are needed is not good practice. But if you follow all (or even most of) the SOLID principles and use common design patterns you will introduce some complexity as features and requirements are added or changed to keep… >>> More
how do I write a functional specification quickly and efficiently

as seen on Programmers - Search for 'Programmers'
So I just read some fabulous articles by Joel on specs here. (Was written in 2000!!) I read all 4 parts, but Im looking for some methodical approaches to writing my specs. Im the only lonely dev, working on this fairly complicated app (or family of apps) for a very well known finance company. I've… >>> More
Intelligence as a vector quantity

as seen on Programmers - Search for 'Programmers'
I am reading this wonderful book called "Coders at Work: Reflections on the Craft of Programming" by Peter Seibel and I am at part wherein the conversation is with Joshua Bloch and I found this answer which is an important point for a programmer. The paragraph, goes something like this. There's… >>> More
how do I write a functional spec quickly and efficiently

as seen on Programmers - Search for 'Programmers'
So I just read some fabulous articles by Joel on specs here. (Was written in 2000!!) I read all 4 parts, but Im looking for some methodical approaches to writing my specs. Im the only lonely dev, working on this fairly complicated app (or family of apps) for a very well known finance company. I've… >>> More
What are your advice, methods, or practices to take out the most from a day on-site at a customer?

as seen on Programmers - Search for 'Programmers'
We just deployed a large software that affects the way the user work-day looks like in many aspects. It changes a lot of things in the way they interact between eachothers. The developers of the team are taking rounds and spending one day at the customer's site to understand better what is a typical… >>> More