next »

[dark_cat]

hi, I recently signed up on your website and after getting the confirming email I was surprised to find my password shown to me in plaintext (http://hastebin.com/kugoyatena.vhdl)

i strongly recommend hashing the passwords (if they're not already) because if someone would magically gain access to the databases a lot of bad things could happen 

if they are indeed hashed, then nevermind this thread!

[Layl]

Just because you're sent your password in an email on creation (which is in itself a problem, email isn't the most secure of connections) doesn't mean it's not hashed, salted, sprinkled with fairy dust and locked behind 20 meter thick iron gates once it gets put in the database.

[Cheezmeister]

Those gates could be made of the finest D'ni nara and it wouldn't matter; echoing it back over email defeats the purpose of any server-side security. Why crash the gates when you can just wiretap?

Not that I'm particularly worried about the security of this handle compared to jucier targets like say, my Google or Amazon accounts, but still. Extremely poor form.

To whom it may concern, please turn off this "feature".

[Christian Knudsen]

There's already a thread for this just 4 threads below this one:

http://forums.tigsource.com/index.php?topic=37198.0

EDIT: Oh, this was moved from the Technical forum.

[Dacke]

I've talked with the technical admin who says he will fix it when he gets the time.