Security Issue #587057
19/09/16 12:39 AM
NinjaWithSpoons (OP), apprentice
Joined: Sep 2016
Posts: 46

Sorry, I posted this in an inappropriate thread under Divinity: Original Sin 2. I think it belongs here:

When I registered on the forums, my confirmation email contained my password in plain text. Do NOT do this. This also means that you guys are storing passwords in plain text in the database. Do NOT do that either!

Hash them for storage. When someone logs in, hash what they input as the password and compare it to the hash in the database. That is how it should be done. Then you will never have an issue of sending a plain text password because it will be impossible.

Our passwords are at risk for no good reason. Not only on this site, but many of us use the same password for various accounts on various websites. Please fix this.

Re: Security Issue [Re: NinjaWithSpoons] #587182
19/09/16 09:00 AM
ForkTong, old hand
Joined: Dec 2003
Posts: 843
Krynn

Hello,

The password is sent to your email before it is stored in the database.

I can assure you that the password in the database is properly hashed and salted. I couldn't tell you your password if you asked for it, and anyone that could get into our database would just have rubbish for passwords.

For instance, if you reset your password, you will be sent a temporary password that you need to change immediately. Because: the forum does not know your password. And neither do we.


Tweeting @forktong
Powered by UBB.threads™ PHP Forum Software 7.6.2