Connexion
Ce forum permet à des personnes du monde entier de communiquer, c′est pourquoi les messages échangés sont en anglais.

Passwords MUST be salted and hashed

Catégorie : Site web
  • BV 3 0
    Message de Bruno Vernay le
    Hi,
    A huge improvement would be to  never  sent or store passwords in clear text.
    There are lots of resources to help you to this goal:
    (broken link)
    and
    https://stackoverflow.com/questions/10428126/joomla-password-encryption

    Ask me for more help if needed, but please do something.

    Regards
    Bruno
  • 414 0
    Message de Davy le
    Hello Bruno,

    Passwords are of course not stored in clear text. What have you seen for such a conclusion?

    Regards,
    Davy
  • BV 3 0
    Message de Bruno Vernay le 1
    Because I received it by email in clear text. Now I guess it is sent by email and then salted, hashed, stored?

    Still, it would be better to get rid of the clear text as soon as possible, I am not sure that emailing the password is a useful thing.

    But we are entering the user convenience vs. security debate, I don't want to sound too harsh. I really appreciate the forum, the application and the time you devoted to it!
    Thanks
  • 414 0
    Message de Davy le 1
    Oh yes I didn't remember that during the registration step the password was sent by email. I found it convenient for the user but you are right, this is not a good thing for security. This is now fixed, thank you for the report.

    In any case, no passwords are stored in clear text in the database. There is no way to get them.

Connectez-vous ou inscrivez-vous pour participer à la discussion.

Polyphone a besoin de vous !

Polyphone est gratuit mais il y a des coûts associés à son site web et à son développement. Un petit coup de pouce aidera beaucoup.

Faire un don
Apprenez les bases Voir le tutoriel
Haut de
page