[ubuntu-us-mi] Linux.com

Scott Moser smoser at brickies.net
Thu May 14 15:56:18 BST 2009


On Thu, 14 May 2009, Matt Michielsen wrote:

> Looks like they're still storing in plain-text.  Here's their fix:
>
> Password: [not sent for your security]

Unless you've looked at their source, you don't actually know that
they're storing it in plaintext.  You only know that they sent you an
email with a string that you provided them with.

They could just send you the plaintext value, and store the hashed, then
once email is sent they'd never see that plaintext again.

In that case, the above would be a "real" fix.
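
The flow described in the message above, as an added example that is not part of the original post or the site's own code: the plaintext is used once to build the confirmation mail while only a salted hash is stored. The function names, the in-memory USERS table, the PBKDF2 parameters and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
USERS = {}            # stand-in for the account table: username -> (salt, digest)


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str, include_password: bool = False) -> str:
    """Store only salt + digest and return the confirmation email body."""
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, derive(password, salt))
    # The plaintext exists only for the lifetime of this request. What goes
    # into the mail is a separate decision from what is written to storage.
    shown = password if include_password else "[not sent for your security]"
    return f"Username: {username}\nPassword: {shown}\n"


def verify(username: str, password: str) -> bool:
    """Login check: re-derive from the stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, derive(password, salt))


def stored_bytes(username: str) -> bytes:
    """Everything the account table holds for this user."""
    salt, digest = USERS[username]
    return salt + digest


if __name__ == "__main__":
    # Constructed sample credentials.
    print(register("alice", "correct horse", include_password=True))  # old behaviour
    print(register("bob", "hunter2 sample"))                          # after the fix
    print(b"correct horse" in stored_bytes("alice"))                  # False
```

Both variants store exactly the same thing, so the mail alone does not reveal the storage scheme. Leaving the password out of the mail keeps the plaintext out of mailboxes and mail logs.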


