Log inUsernamePassword
Log me on automatically each visit    
Register
Register
Log in to check your private messages
Log in to check your private messages
SMS Forum Index » Suggestions

Post new topic   Reply to topic
SMS Forum: Don't email out UN&PW in Plain Text
View previous topic :: View next topic  
Author Message
neildaemond
Junior Member


Joined: 27 May 2011
Posts: 2

PostPosted: Sun Jun 19, 2011 6:35 am    Post subject: SMS Forum: Don't email out UN&PW in Plain Text Reply with quote

When I signed up for this forum, the username and password were sent back to me in the confirmation email.

It is really bad practice to do this as anyone listening can see whats in the email.

If users use these passwords for other things (which is common), this becomes a security breach for other sites as well.
Back to top
View user's profile Send private message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

PostPosted: Sun Jun 19, 2011 10:39 am    Post subject: Reply with quote

That's the normal behavior of phpBB2, and beside that, login details comes to your email, where you only have access.
Now if someone hack your email, he could retrieve the data quite easily from any board, and that's the weak point.
It's not wise to use the same password, for all sites, especially if that's a support forum with no private data of any kind.
I have in mind upgrading to phpBB3, I already found a style (need some tweaks), make a test upgrade, but it's not my top priority.

Thank you for your concern on this forum's security, I disable text password in welcome mail.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
neildaemond
Junior Member


Joined: 27 May 2011
Posts: 2

PostPosted: Mon Jun 20, 2011 4:49 am    Post subject: Reply with quote

Yeah, its always a bad idea to use the same password for different things. I don't, but its a common mistake people make.

I think you can agree too that a user's password should never be seen in plain text, anywhere. Its good you removed it, and are looking into the new phpBB~

keep up the good work with this distro~!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    SMS Forum Index » Suggestions All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

SMS - Superb! Mini Server Project © 2016
Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional