CSDN website account database security problem

I spent today at the Capital Online server room and was busy all day. When I got back to the company I heard that the CSDN account database was circulating on the Internet, and friends and members have kept asking me about it: does the CSDN account database store passwords in clear text, and is it safe? Since everyone is very concerned about this, here is an explanation of the situation:

The CSDN website's early use of plaintext passwords came from integrated authentication with a third-party chat program, and it was left unaddressed afterwards. In April 2009 the programmers changed the password storage mode to encrypted passwords.

After I joined CSDN in 2010, I took over the CSDN product department and the R&D department. While reviewing the entire CSDN website product line, I found that CSDN account security still had potential problems: although password storage had been changed to encrypted passwords, the old stored plaintext passwords had not been cleared; and the account database was running on SQL Server on Windows Server, which still carried the potential danger of being attacked and having trojans planted. So I immediately asked the programmers to clear all the plaintext passwords.

In September 2010, I formed a new R&D team to rewrite the CSDN user management functionality. The process of reworking the CSDN account management system, Passport, is described in "Year of my CSDN". The new Passport product went online on New Year's Day, using the SHA256 algorithm + salt for password encryption; the account database was migrated from SQL Server on Windows Server to a MySQL database on the Linux platform, which resolved the various security issues of CSDN accounts.
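The gap described above (hashing was introduced but the old plaintext values stayed in the database) can be audited and closed as in the following added example. It is not CSDN's code: the `accounts` table, its column names, the function names and the sample rows are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):  # salted SHA-256, the scheme the post names
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def make_legacy_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
               "password_plain TEXT, salt BLOB, password_hash TEXT)")
    # alice: plaintext-era account that was never hashed.
    db.execute("INSERT INTO accounts VALUES ('alice', 'winter2008', NULL, NULL)")
    # bob: hashed, but the old plaintext was left behind; carol: hash only.
    salt = os.urandom(16)
    db.execute("INSERT INTO accounts VALUES ('bob', 'hunter2', ?, ?)",
               (salt, hash_password("hunter2", salt)))
    salt = os.urandom(16)
    db.execute("INSERT INTO accounts VALUES ('carol', NULL, ?, ?)",
               (salt, hash_password("s3cure-pass", salt)))
    return db

def residual_plaintext(db):
    """Audit: names of accounts that still carry a plaintext password."""
    rows = db.execute("SELECT name FROM accounts "
                      "WHERE password_plain IS NOT NULL ORDER BY name")
    return [r[0] for r in rows]

def migrate_and_clear(db):
    """Hash accounts that have no hash yet, then clear every plaintext value."""
    todo = db.execute("SELECT name, password_plain FROM accounts WHERE "
                      "password_plain IS NOT NULL AND password_hash IS NULL").fetchall()
    for name, plain in todo:
        salt = os.urandom(16)  # fresh random salt per account
        db.execute("UPDATE accounts SET salt = ?, password_hash = ? WHERE name = ?",
                   (salt, hash_password(plain, salt), name))
    cleared = db.execute("UPDATE accounts SET password_plain = NULL "
                         "WHERE password_plain IS NOT NULL").rowcount
    db.commit()
    return cleared

def verify(db, name, password):
    """Check a login attempt against the stored salt and hash."""
    row = db.execute("SELECT salt, password_hash FROM accounts WHERE name = ?",
                     (name,)).fetchone()
    return bool(row and row[1]) and hmac.compare_digest(
        hash_password(password, row[0]), row[1])
```

Clearing the column only covers the live table, so old backups and exports that still hold it need the same treatment. Salted SHA-256 is used here because it is the scheme the post names; it is a fast hash, and a dedicated password hashing function such as bcrypt, scrypt or Argon2 is the usual choice today.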

Here are the questions you may care about:

First, does the CSDN account database store passwords in clear text?

Before April 2009, passwords were stored in clear text. After April 2009, they were encrypted, but some clear text passwords were not cleared; in August 2010 I came to CSDN and cleaned up all clear text passwords.

Second, is my CSDN account safe? Do you need to change your password?

1. If your account was registered before April 2009 and you have not changed your password since September 2010, please change your password immediately;

2. If you registered after April 2009 and have not changed your password since September 2010, it is recommended that you change your password;

3. If you registered after September 2010, you don't have to change your password, but your email address may have been leaked;

4. If you registered after January 2011, your account, password, and email address are very secure.

Third, is the CSDN account database safe now?

The legacy problems were all resolved as of New Year's Day 2011. The CSDN account database has been migrated to a MySQL database on the Linux platform, which has been security-hardened, and the strength of the password encryption is also high.

Fourth, what about CSDN's old account database?

The currently leaked CSDN plaintext account data is from before September 2010, and most of it is from before April 2009. It can therefore be judged that the leak happened before September 2010. The cause of the leak is unknown, but from an Internet operations perspective, securing Windows and SQL Server is more difficult, which is the main reason I migrated to the Linux platform when reworking Passport.

Fifth, what if my CSDN account has been stolen?

1. Use the forgotten password function; the system will reset the password and send the new password to your registered email address;

2. Send an email to the administrator and ask the administrator to retrieve the account.

Sixth, what measures will we take to make up for this problem?

1. We will prompt users who registered before September 2010 to change their passwords;

2. We will prompt all users with weak passwords and ask them to change their passwords;

3. We will send a message to all users registered in September 2010 asking them to change their passwords.