Security manager's journal: Helping in-house developers
This week I found out that my company is developing software in-house. Until now I hadn't known that we were a software development shop, but I guess I shouldn't be surprised. Most companies that I've been with have developed their own software for one purpose or another. I only learned about this software development project when one of the programmers approached me to ask about the best way to store usernames and passwords in the application's database. Yes, that's right -- they built the authentication right inside the application, instead of calling out to an external authentication source.