Guest
Show Posts
1
Forum suggestions and report forum problems. / Passwords are sent by email, stored as plain text
« on: November 03, 2015, 11:17:39 AM »
Hey y'all, so your product is great but your forum is putting your customers at risk of their online data being compromised.
I just registered for your forum and received an email that included my password sent as plaintext. This is only possible if you all have the password stored in your database as text, rather than a hash. When passwords are stored in this way it means that, were your database to be compromised, every single user login and email would have the associated password conveniently visible to whoever gained access. I'm sure you know that many of your users likely use one password for many of their accounts, including the email they use to register with this forum.
Y'all need to fix this immediately.
For reference: http://plaintextoffenders.com/faq/devs
Thank much, be well.
I just registered for your forum and received an email that included my password sent as plaintext. This is only possible if you all have the password stored in your database as text, rather than a hash. When passwords are stored in this way it means that, were your database to be compromised, every single user login and email would have the associated password conveniently visible to whoever gained access. I'm sure you know that many of your users likely use one password for many of their accounts, including the email they use to register with this forum.
Y'all need to fix this immediately.
For reference: http://plaintextoffenders.com/faq/devs
Thank much, be well.