It allows the session database to be compromised easily

It can be brute forced to forge sessions

It can be brute forced to accelerate

None of the above

Dictionary attacks

Web servers

Mass network requests

List processing

When web applications need to use client side JavaScript for an exploitable feature

When exploitation of an application needs to be quickly automated

When one knows the target application has good logging and monitoring

All of the above

Don't, it's bad design

Keep the first password format hidden to all but those that need it

Tell those that have authorization to change their passwords (but don't force them)

Don't use account information in the first password

No, user defined functions are safe

They are a part of SQL clients, and are thus not necessarily dangerous

They are a part of SQL clients, and thus safeguards must be taken to prevent attackers from gaining access to SQL user credentials

They are an optional configuration that must be turned off for fear of exploitation