Plaintext password in activation e-mail...
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
-
robot_army
- New Cone
- Posts: 5
- Joined: 04 Dec 2007 18:18
Plaintext password in activation e-mail...
passwords should not be sent in plaintext ever, but they're sent out with the account name in the activation e-mail... that's hardcore not secure, don't you think?
-
Jean-Baptiste Kempf
- Site Administrator
- Posts: 37523
- Joined: 22 Jul 2005 15:29
- VLC version: 4.0.0-git
- Operating System: Linux, Windows, Mac
- Location: Cone, France
- Contact:
Re: Plaintext password in activation e-mail...
For the forum ? Really ?
Ask the phpBB team.
Ask the phpBB team.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.
-
samsmartguy
- New Cone
- Posts: 3
- Joined: 30 Jun 2008 10:03
- Contact:
Re: Plaintext password in activation e-mail...
I do not agree with you, I think it is quite OK to send password in email letter.
VB.NET programmer, My name is Sam, and my site is samsmartguy.50webscom
-
javad583
- New Cone
- Posts: 1
- Joined: 08 Jul 2008 00:03
- VLC version: 0.9.6
- Operating System: Windows / Linux
- Location: Iran (Islamic Republic Of)
- Contact:
Re: Plaintext password in activation e-mail...
Look , my answer is related to web programming just a bit. In Registration progress, when the engine gots your wanted information such as : user name - password - email address and more, it will begin 2 process. at first it makes an MD5 copy of your desired password and insert it to database, then it set a plain text copy of that to your mail box using mail() function. So your passwords are still secure unless there is any problem due to your mail account security.
Tips ::
1- if you pay attention you will find out that on retrieving password using "Remember password" in (PHPBB), it makes a new copy of password for you randomly, if it was plain text in database there was no need to make a new one !
2- if there is a problem in your mail box there is nothing safe for you , ANYONE can hack you through this link :: ucp.php?mode=sendpassword
3- this is just first my post , congratulation ...
Tips ::
1- if you pay attention you will find out that on retrieving password using "Remember password" in (PHPBB), it makes a new copy of password for you randomly, if it was plain text in database there was no need to make a new one !
2- if there is a problem in your mail box there is nothing safe for you , ANYONE can hack you through this link :: ucp.php?mode=sendpassword
3- this is just first my post , congratulation ...
There is just hope to got it ... TRY ... !!
Re: Plaintext password in activation e-mail...
I was just at my universities computer pool and I was very surprised that my registration mail contained the password - my neighbours or people behind me could have seen it without a problem. In my opinion this is really unsecure.
-
3breadt
- Big Cone-huna
- Posts: 827
- Joined: 19 Mar 2006 11:37
- Operating System: Win7 Pro / OS X 10.7
- Location: Paderborn, Germany
- Contact:
Re: Plaintext password in activation e-mail...
That's how most boards and other sites where you have to register do it, you should be aware about that and never read emails concerning registrations in a public place.
-- 3breadt (aka altglass)
Return to “Forum, Website and Artwork discussion”
Who is online
Users browsing this forum: No registered users and 8 guests