I've been reading about database security when it comes to websites, and it says an attacker could steal a database and then have as much time as he wants to get all the users' passwords. If an attacker stole the database, why would he need the passwords, as the authentication is done in PHP? So he could just access all the users' information without knowing the password. E.g. a forum with password-protected areas. The attacker could try to get the password of a moderator or user with access to the protected area by getting the database (e.g. the attacker could be an employee of the company that hosts the database), and then go to the forum and log in as the user.
Or the attacker could skip this and just look in the messages table for the protected area.
Basically, if the attacker had access to the database, he could access this data without needing to authenticate, so why bother with the username and password?
(This blog post made me ask the question: http://www.richardlord.net/blog/php-password-security)