Long-time reader; first time poster. Hello there.
Now, if I may, a story:
I was recently asked to take a look at a web app for a local club as a favour. It's a really basic public gallery thing where mashed-up clubbers upload photos of themselves looking like berks. Over the past year or so they've had a lot of problems with people uploading large photos as cameras and, more specifically, camera phones have upped the MP count. Turns out the PHP script was limiting files to just over 1 MB and they wanted it upped. Simple enough.
Whilst I was in there, I noticed a function called encrypt_me(). It was used everywhere. Passwords, usernames, filenames... everywhere. Out of curiosity I took a peek:
function encrypt_me($password) {
    // "encrypts" by prepending a fixed string; the plaintext is still right there
    $new_password = "dFoo573_43xxyy-" . $password;
    return $new_password;
}
Suffice to say, forward-thinking encryption like this is the reason the site has never been hacked. Modern websites could learn from code like this.
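For anyone who inherits something like this, here is what the fix looks like in practice. This is an added example, not code from the post or from the club's site: it keeps encrypt_me() exactly as posted so the two can be compared, uses PHP's built-in password_hash()/password_verify() for the replacement, and sketches a login_and_migrate() helper (my own name and design) that upgrades legacy values on the next successful login. The sample password is constructed.

```php
<?php
// Added example: the posted prefix "encryption" beside PHP's real password hashing.

// The function as posted: a constant prefix, no secret, trivially reversible.
function encrypt_me($password) {
    $new_password = "dFoo573_43xxyy-" . $password;
    return $new_password;
}

// Hardened replacement: a salted, deliberately slow, one-way hash.
// PASSWORD_DEFAULT is bcrypt at the time of writing; a random salt is chosen per call.
function hash_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $stored_hash): bool {
    return password_verify($password, $stored_hash);
}

// Hypothetical migration helper: verify against whichever format is stored.
// Returns ['ok' => bool, 'rehash' => ?string]; when 'rehash' is non-null the
// caller should write it back so the legacy value disappears from the database.
function login_and_migrate(string $submitted, string $stored): array {
    // password_get_info() reports 'unknown' for anything that is not a real hash.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = check_password($submitted, $stored);
        // Upgrade cost/algorithm transparently if the defaults have moved on.
        $rehash = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
            ? hash_password($submitted) : null;
        return ['ok' => $ok, 'rehash' => $rehash];
    }
    // Legacy row: compare in constant time, then replace it with a proper hash.
    if (hash_equals($stored, encrypt_me($submitted))) {
        return ['ok' => true, 'rehash' => hash_password($submitted)];
    }
    return ['ok' => false, 'rehash' => null];
}

// Constructed sample values for the demonstration.
$plaintext = 'hunter2';

$legacy = encrypt_me($plaintext);
echo "Legacy store: $legacy\n";

$hash = hash_password($plaintext);
echo "Hashed store: $hash\n";
var_dump(check_password($plaintext, $hash));
var_dump(check_password('wrong', $hash));

// First login after deployment: the legacy row is verified and a hash is returned.
$result = login_and_migrate($plaintext, $legacy);
var_dump($result['ok']);
var_dump($result['rehash'] !== null);

// Second login: the stored value is now a real hash and no rewrite is needed.
$result = login_and_migrate($plaintext, $result['rehash']);
var_dump($result['ok']);
var_dump($result['rehash']);
```

Run it with `php` on the command line: the legacy line prints the password in the clear with the prefix in front of it, while the hashed line is a bcrypt string that differs on every run and cannot be turned back into the password. The first login_and_migrate() call succeeds and hands back a fresh hash to store; the second succeeds against that hash and returns no rehash. The same pattern applies to the other uses of encrypt_me() in the post only where a one-way digest is actually wanted; usernames and filenames generally should not be "encrypted" at all, and where real confidentiality is needed a proper authenticated cipher (sodium_crypto_secretbox() in PHP) with a secret key is the tool, not a fixed prefix.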