我想称在数据库中以纯文本形式存储密码"是一种不好的做法……但我们的客户在他的应用程序中这样做了.他们希望我续订该申请.

I want to call "storing a password in plain text in a Database" a bad pratice... but our customer did this in his Application. They want me to renew that Application.

我的意思是:我想改变这一点……但由于我们的客户不需要它，所以还不清楚.

My point: I want to change this...but since it is not a need for our Customer it is still unclear.

您如何处理此类安全问题?在我看来，很难向客户解释这些问题.

How do you handle such issues regarding security? From my point of view it is difficult to explain such issues to Customers.

推荐答案

写一封简短、清晰且没有行话的正式信函，说明您的疑虑，并得出结论，根据您的专业意见，应该予以纠正.向客户中相当高的人提出.

Write a short, clear and jargon-free formal letter stating your concerns and concluding that in your professional opinion, it should be rectified. Address it to someone reasonably high up in the customer.

如果他们随后选择忽略您的建议，那是他们的特权.

If they then choose to ignore your advice, that's their prerogative.

(您自己也保留一封信.)

(Keep a copy of the letter yourself, too.)