Passwords in Emails

Star Weaver:
Hey, I just registered, and I noticed that the password I supplied was sent back to me in a clear text email. Um . . . I don't mean to be rude, but that's generally a really bad information security . . . .

I used an unimportant password, at least . . .

Kornel Kisielewicz:
Umm, what's bad about that? It was sent to *you* only and encoded here in the database. Each time you log in here you send your password via plain text via HTTP, because this is not a secure connection. Why should e-mail be any less secure?

Also, you can change the password in the config panel :P. It won't be "remailed" to you AFAIK.

P.S.2: using the same important passwords in many places is "generally a really bad information security"

DaEezT:
Well, given the nature and scope of chaosforge I'd say those security flaws are acceptable ;)

zaimoni:
Not to mention that turning off the warnings from a self-signed SSL certificate *costs*, and those warnings are negative public relations.  (At least if you want it to work with anything reasonable. I saw reports back in Oct. 2006 that some bargain-certified certificates stopped interoperating with Google Checkout, unfixably.)
