matt at michielsen.us
Thu May 14 17:24:16 BST 2009
You're absolutely right. I definitely have my doubts about their care
for/knowledge of basic security practices after sending out passwords
through email. However, it looks like they're using Joomla, which uses MD5
password encryption by default. I guess I shouldn't be so cynical.
On Thu, May 14, 2009 at 10:56 AM, Scott Moser <smoser at brickies.net> wrote:
> On Thu, 14 May 2009, Matt Michielsen wrote:
> > Looks like they're still storing in plain-text. Here's their fix:
> > Password: [not sent for your security]
> Unless you've looked at their source, you don't actually know that
> they're storing it in plaintext. You only know that they sent you an
> email with a string that you provided them with.
> They could just send you the plaintext value, and store the hashed, then
> once email is sent they'd never see that plaintext again.
> In that case, the above would be a "real" fix.