Chaosforge Forum
General => Forum => Topic started by: Star Weaver on July 18, 2007, 01:43
-
Hey, I just registered, and I noticed that the password I supplied was sent back to me in a clear text email. Um . . . I don't mean to be rude, but that's generally a really bad information security . . . .
I used an unimportant password, at least . . .
-
Umm, what's bad about that? It was sent to *you* only and encoded here in the database. Each time you log in here you send your password via plain text via HTTP, because this is not a secure connection. Why should e-mail be any less secure?
Also, you can change the password in the config panel :P. It won't be "remailed" to you AFAIK.
P.S.2: using the same important passwords in many places is "generally a really bad information security"
-
Well, given the nature and scope of Chaosforge I'd say those security flaws are acceptable ;)
-
Not to mention that turning off the warnings from a self-signed SSL certificate *costs*, and those warnings are negative public relations. (At least if you want it to work with anything reasonable. I saw reports back in Oct. 2006 that some bargain-certified certificates stopped interoperating with Google Checkout, unfixably.)