Author Topic: TIGForums storing passwords in plaintext (?)  (Read 2422 times)
dark_cat
Level 0
*


« on: June 27, 2015, 02:56:54 PM »

Hi, I recently signed up on your website and after getting the confirming email I was surprised to find my password shown to me in plaintext (http://hastebin.com/kugoyatena.vhdl)

I strongly recommend hashing the passwords (if they're not already) because if someone would magically gain access to the databases a lot of bad things could happen.

If they are indeed hashed, then never mind this thread!


Layl
Level 3
***

professional jerkface


« Reply #1 on: June 27, 2015, 04:25:26 PM »

Just because you're sent your password in an email on creation (which is in itself a problem, email isn't the most secure of connections) doesn't mean it's not hashed, salted, sprinkled with fairy dust and locked behind 20 meter thick iron gates once it gets put in the database.
Cheezmeister
Level 3
***



« Reply #2 on: June 27, 2015, 06:12:26 PM »

Those gates could be made of the finest D'ni nara and it wouldn't matter; echoing it back over email defeats the purpose of any server-side security. Why crash the gates when you can just wiretap?

Not that I'm particularly worried about the security of this handle compared to juicier targets like, say, my Google or Amazon accounts, but still. Extremely poor form.

To whom it may concern, please turn off this "feature".

෴Me෴ @chzmstr | www.luchenlabs.com ቒMadeቓ RA | Nextris | Chromathud   ᙍMakingᙌCheezus II (Devlog)
Christian Knudsen
Level 10
*****



« Reply #3 on: June 28, 2015, 05:11:02 AM »

There's already a thread for this just 4 threads below this one:

http://forums.tigsource.com/index.php?topic=37198.0

EDIT: Oh, this was moved from the Technical forum.

Laserbrain Studios
Currently working on Hidden Asset (TIGSource DevLog)
Dacke
Level 10
*****



« Reply #4 on: July 01, 2015, 01:54:43 PM »

I've talked with the technical admin who says he will fix it when he gets the time.

programming • free software
animal liberation • veganism
anarcho-communism • intersectionality • feminism
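The two points raised in this thread (salted hashing at rest, and no password echoed back by email), as an added example that is not part of the thread and not the forum software's own code: registration stores only a salted PBKDF2 hash and mails a single-use activation token instead of the password. The in-memory `USERS` table, the function names, the `forum.example` URL and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

USERS = {}            # constructed stand-in for the members table (hypothetical layout)
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(username, email, password):
    """Store a salted hash and return the activation email body."""
    salt = secrets.token_bytes(16)       # unique per account
    token = secrets.token_urlsafe(32)    # one-time activation secret
    USERS[username] = {
        "email": email,
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        # Only a digest of the token is kept, so a database leak
        # does not hand out working activation links.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "active": False,
    }
    # The email carries the token, never the password.
    return (f"Hello {username},\n"
            f"activate your account: "
            f"https://forum.example/activate?u={username}&t={token}\n")

def activate(username, token):
    user = USERS.get(username)
    if user is None or user["token_hash"] is None:
        return False
    given = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(given, user["token_hash"]):
        return False
    user["active"], user["token_hash"] = True, None  # token is single use
    return True

def check_login(username, password):
    user = USERS.get(username)
    if user is None or not user["active"]:
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])
```

A mailbox compromise in this flow exposes at most an activation link that stops working after first use, while the password itself exists only in the user's head and as a salted hash.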