YetAnotherAccount · 3898 days ago · post: Hubski PSA: Reply-alerts and comment-alerts have been combined
You're hashing the password server-side, yes? So hash it via two different methods (*) - one for the password check as usual, one that is used as an encryption key to unlock the person's history. This doesn't prevent everything, but at least prevents (for example) someone from walking off with the database and automatically getting everyone's history.

(*) Or hash it with two different salts, probably simpler.
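The two-salt variant suggested in the comment above, as an added example that is not part of the original post or Hubski's code: one salt produces the stored login verifier, the other produces a history key that exists only while the user's password is in hand. PBKDF2-HMAC-SHA256, the iteration count, and the names `enroll`, `login` and the row fields are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for whatever password hash the site uses.
ITERATIONS = 200_000
KEY_LEN = 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow hash of the password under one salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN
    )


def enroll(password: str) -> dict:
    """Build the row kept in the database (hypothetical field names).

    Only the salts and the login verifier are stored; the history key is not.
    """
    auth_salt = os.urandom(16)
    enc_salt = os.urandom(16)  # independent salt gives an unrelated output
    return {
        "auth_salt": auth_salt,
        "enc_salt": enc_salt,
        "verifier": _derive(password, auth_salt),
    }


def login(password: str, row: dict):
    """Return the history key for a correct password, otherwise None."""
    candidate = _derive(password, row["auth_salt"])
    if not hmac.compare_digest(candidate, row["verifier"]):
        return None
    # Recomputed on each login and handed to the cipher protecting the history.
    return _derive(password, row["enc_salt"])


if __name__ == "__main__":
    row = enroll("correct horse battery staple")  # constructed sample password
    key = login("correct horse battery staple", row)
    print("history key derived:", key is not None)
    print("history key present in stored row:", key in row.values())
    print("wrong password result:", login("guess", row))
```

A copy of the stored row still allows offline guessing of weak passwords, which matches the comment's caveat that this doesn't prevent everything.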