Did you just email me my password in plain text?
28-Jun-2018 1:42:11 PM
|
I just registered and got emailed my password in plain text. That means that the server is not storing my password encrypted, which means that the passwords of all the users are vulnerable to attack.
Maybe it's time to upgrade the forum software to something from this century.
|
28-Jun-2018 6:57:30 PM
|
On 28-Jun-2018 stib wrote:
>I just registered and got emailed my password in plain text. That means
>that the server is not storing my password encrypted, which means that
>the passwords of all the users are vulnerable to attack.
>
>Maybe it's time to upgrade the forum software to something from this century.
I will bring this post to the attention of Site Author.
In the meantime I think there is an option to change your password within your profile, accessed by clicking on that button from most pages of this site.
However it’s true that this site is operating on an antique platform, and I am not savvy enough about the technology to know if changing your password will solve the issue that you have brought to our attention.
|
29-Jun-2018 10:14:08 AM
|
My memory (which may very well not be correct) is that Michael built/coded this site himself and that it was never an off-the-shelf product. I think overall it has held up very well.
|
29-Jun-2018 11:46:10 AM
|
Fear not. Passwords are encrypted within the database. As mentioned, changing the password sent to you by the system is a good idea.
|
29-Jun-2018 1:37:43 PM
|
Mike, is there any chance of a tweak to the code to let "https:" be recognised automatically as a URL like "http:"?
|
30-Jun-2018 2:03:49 PM
|
On 28-Jun-2018 stib wrote:
>I just registered and got emailed my password in plain text. That means
>that the server is not storing my password encrypted, which means that
>the passwords of all the users are vulnerable to attack.
>
>Maybe it's time to upgrade the forum software to something from this century.
Can still be encrypted within the database, it only means it's not one-way.
Otherwise correct. I think this site still has a future (see CragX thread) but it will need better software - both forum and social media integration. Happy to assist if there's interest.
|
30-Jun-2018 3:38:49 PM
|
On 30-Jun-2018 FatBoy wrote:
>Can still be encrypted within the database, it only means it's not one-way.
It can be a one-way encryption if it's only held in plain text long enough to send the registration email!
|
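Added example, not part of the thread and not this site's code: a sketch of the flow the last reply describes, where the plaintext is used once to build the registration email while the database keeps only a salted one-way digest. The function names, the in-memory `db` and `outbox`, the PBKDF2 parameters and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    """One-way derivation: no key exists that turns the digest back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str, db: dict, outbox: list) -> None:
    """Store only salt + digest; the plaintext lives only for the length of this call."""
    salt = secrets.token_bytes(16)
    db[username] = {"salt": salt, "digest": _derive(password, salt)}
    # The welcome email is built from the in-memory plaintext, not read back from the database.
    outbox.append(f"Welcome {username}, your password is: {password}")


def verify(username: str, attempt: str, db: dict) -> bool:
    """Re-derive from the login attempt and compare in constant time."""
    row = db.get(username)
    if row is None:
        return False
    return hmac.compare_digest(row["digest"], _derive(attempt, row["salt"]))


def demo():
    """Register one constructed account and return the resulting state."""
    db, outbox = {}, []
    register("alice", "constructed-sample-pw", db, outbox)
    return db, outbox


if __name__ == "__main__":
    db, outbox = demo()
    print(outbox[0])                      # the email contains the plaintext
    print(db["alice"]["digest"].hex())    # the database row does not
    print(verify("alice", "constructed-sample-pw", db))
```

A plaintext password in the registration email is therefore compatible with one-way storage. The emailed copy still remains readable in the recipient's mailbox, which is why changing the password afterwards, as suggested in the thread, is worthwhile.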