Forum Password Encryption

Discussion on adblockplus.org website and translations
xnamkcor
Posts: 2
Joined: Wed Sep 11, 2013 11:25 pm

Forum Password Encryption

Post by xnamkcor »

Your email claims, "Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you.", but just a few lines up you have emailed me my username and password in plaintext. Do you encrypt it after you send it as plaintext across the tubes?
Wladimir Palant

Re: Forum Password Encryption

Post by Wladimir Palant »

This forum is using the standard phpBB software. Indeed, it does encrypt the passwords after sending the confirmation mail. And I agree with you that having the password in plain text in the confirmation mail is very suboptimal - but that phpBB feature isn't configurable. We are looking into migrating to Discourse; its approach to passwords is much more sane. In fact, with Discourse local passwords aren't necessary at all - one can log in with an external service like Facebook, Twitter or Google. So my favorite solution would be disabling local accounts completely - if we don't store any passwords then we don't have to worry about keeping them safe.
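The point discussed in this thread, that the server holds the plaintext password only at registration time and afterwards keeps just a hash it cannot reverse, shown as an added example (not phpBB's or Discourse's code, and not part of the original posts). The scrypt parameters, the `register`/`activate` function names and the in-memory `db` dict are assumptions for illustration; here the confirmation mail carries a one-time activation token instead of the password.

```python
import hashlib
import hmac
import os
import secrets

# scrypt cost parameters (assumed for this sketch; tune for your hardware)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'; the plaintext cannot be recovered from it."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(password.encode("utf-8"),
                               salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def register(db: dict, username: str, password: str) -> str:
    """Store only the hash and return the confirmation mail body.

    The plaintext exists in memory only during this call, which is the
    only moment a forum could mail it out. This mail sends a one-time
    activation token instead.
    """
    token = secrets.token_urlsafe(32)
    db[username] = {
        "password": hash_password(password),
        # Keep only a digest of the token, so a database leak cannot activate accounts.
        "activation": hashlib.sha256(token.encode()).hexdigest(),
        "active": False,
    }
    return (f"Welcome {username},\n"
            f"activate your account with this code: {token}\n"
            "Your password is stored only as a salted hash and cannot be retrieved.\n")

def activate(db: dict, username: str, token: str) -> bool:
    """Mark the account active if the supplied token matches the stored digest."""
    record = db.get(username)
    if record is None:
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    ok = hmac.compare_digest(supplied, record["activation"])
    if ok:
        record["active"] = True
    return ok
```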