Hi i created an account and i notice something wrong

#1 by legendarysnake , Sun Oct 23, 2016 2:00 pm

First of all, i created an account here because im looking for playstation 1 cover packs. Said that, im notice that i received an e-mail with my login and my PASSWORD!!! Which that means the site must have a data base with the passwords of all users, which is an extremely serious security flaw! A good site use encryption to not know the passwords of their users, which seems not to be the case this forum. I suggest you change this system.

Theres a good article about this that im posting here, please read.

____________

"Here are two issues we have with being mailed a password:

Email is not a safe medium. Man in the middle attacks are easy to pull off between server. The communication protocol in itself is not encrypted.
If someone were to hack into any mail account, all they need to do is search for ‘password’ and they have all of the user’s passwords. (Editor’s Note: you don’t have to have someone hack your account - just imagine how many people forget their email accounts logged in on public computers)
The fact that you send the initial password in plain text doesn’t mean you store it, but as you can see from the site, many people use the ‘forgot password’ option on sites and get their password sent back to them - a clear indication that the password is stored in plain text (or using reversible encryption, which is pretty much the same).

All in all - it’s not a safe thing to do and an indicator of low security standards. We use emailed passwords as proof of that."

font
http://plaintextoffenders.com/post/70066...new-password-in


legendarysnake  
legendarysnake
Posts: 1
Date registered 10.14.2016


RE: Hi i created an account and i notice something wrong

#2 by Rocky , Mon Oct 24, 2016 10:37 am

Hi legendary,

Thanks for your post.
Unfortunately because this forum is currently running on a basic package from the provider, that is something I cannot change myself as Admin. And if I did upgrade the forum to the most expensive package, which I currently cannot afford to do, I am not sure if this will get rid of the password issue or not.
It is down to the hosts and them making this board hold the passwords and I cannot control that.

As Admin, I have logged into the control panel and I cannot see anybodies passwords.

Thank you,
Paul



 
Rocky
Admin
Posts: 409
Date registered 06.30.2015
Thanks 374

Last edited 10.24.2016 | Top

   

upload in progress never finalizes
Does a massive game art collection torrent exist?

The forum and the services provided are absolutely free. However it does cost money to run this website. You can donate towards the running of the site by clicking the 'Donate' button above. Thank you!
disconnected Chat Members online 7
Xobor Create your own Forum with Xobor