Plaintext password in activation e-mail...

Discussion about forum rules, new moderators, website content, website layout, VideoLAN artwork etc..
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
robot_army
New Cone
New Cone
Posts: 5
Joined: 04 Dec 2007 18:18

Plaintext password in activation e-mail...

Postby robot_army » 04 Dec 2007 18:23

passwords should not be sent in plaintext ever, but they're sent out with the account name in the activation e-mail... that's hardcore not secure, don't you think?

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: Plaintext password in activation e-mail...

Postby Jean-Baptiste Kempf » 05 Dec 2007 05:14

For the forum ? Really ?
Ask the phpBB team.
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

samsmartguy
New Cone
New Cone
Posts: 3
Joined: 30 Jun 2008 10:03
Contact:

Re: Plaintext password in activation e-mail...

Postby samsmartguy » 30 Jun 2008 12:04

I do not agree with you, I think it is quite OK to send password in email letter.
VB.NET programmer, My name is Sam, and my site is samsmartguy.50webscom

javad583
New Cone
New Cone
Posts: 1
Joined: 08 Jul 2008 00:03
VLC version: 0.9.6
Operating System: Windows / Linux
Location: Iran (Islamic Republic Of)
Contact:

Re: Plaintext password in activation e-mail...

Postby javad583 » 10 Jul 2008 13:46

Look , my answer is related to web programming just a bit. In Registration progress, when the engine gots your wanted information such as : user name - password - email address and more, it will begin 2 process. at first it makes an MD5 copy of your desired password and insert it to database, then it set a plain text copy of that to your mail box using mail() function. So your passwords are still secure unless there is any problem due to your mail account security.

Tips ::
1- if you pay attention you will find out that on retrieving password using "Remember password" in (PHPBB), it makes a new copy of password for you randomly, if it was plain text in database there was no need to make a new one !
2- if there is a problem in your mail box there is nothing safe for you , ANYONE can hack you through this link :: ucp.php?mode=sendpassword
3- this is just first my post , congratulation ... :lol:
There is just hope to got it ... TRY ... !!

kirdie
New Cone
New Cone
Posts: 2
Joined: 25 Aug 2009 16:10

Re: Plaintext password in activation e-mail...

Postby kirdie » 25 Aug 2009 16:20

I was just at my universities computer pool and I was very surprised that my registration mail contained the password - my neighbours or people behind me could have seen it without a problem. In my opinion this is really unsecure.

3breadt
Big Cone-huna
Big Cone-huna
Posts: 827
Joined: 19 Mar 2006 11:37
Operating System: Win7 Pro / OS X 10.7
Location: Paderborn, Germany
Contact:

Re: Plaintext password in activation e-mail...

Postby 3breadt » 25 Aug 2009 17:00

That's how most boards and other sites where you have to register do it, you should be aware about that and never read emails concerning registrations in a public place.
-- 3breadt (aka altglass)


Return to “Forum, Website and Artwork discussion”

Who is online

Users browsing this forum: No registered users and 19 guests