Chaosforge Forum


Author Topic: Passwords in Emails  (Read 4919 times)

Star Weaver

Passwords in Emails
« on: July 18, 2007, 01:43 »

Hey, I just registered, and I noticed that the password I supplied was sent back to me in a clear text email. Um . . . I don't mean to be rude, but that's generally a really bad information security . . . .

I used an unimportant password, at least . . .

Kornel Kisielewicz

Re: Passwords in Emails
« Reply #1 on: July 18, 2007, 05:39 »

Umm, what's bad about that? It was sent to *you* only and encoded here in the database. Each time you log in here you send your password via plain text via HTTP, because this is not a secure connection. Why should e-mail be any less secure?

Also, you can change the password in the config panel :P. It won't be "remailed" to you AFAIK.

P.S.2: using the same important passwords in many places is "generally a really bad information security"
at your service,
Kornel Kisielewicz

DaEezT

Re: Passwords in Emails
« Reply #2 on: July 18, 2007, 12:36 »

Well, given the nature and scope of chaosforge I'd say those security flaws are acceptable ;)
"Morality is merely a convention with which men mutually agree to delude themselves. There are no moral facts, just preferences, and one is no better than any other."

zaimoni

Re: Passwords in Emails
« Reply #3 on: July 18, 2007, 20:43 »

Not to mention that turning off the warnings from a self-signed SSL certificate *costs*, and those warnings are negative public relations.  (At least if you want it to work with anything reasonable. I saw reports back in Oct. 2006 that some bargain-certified certificates stopped interoperating with Google Checkout, unfixably.)