|
|
Joined: Jul 2008
Posts: 50
Journeyman
|
|
Journeyman
Joined: Jul 2008
Posts: 50 |
Hi Folks,
I updated from version 5.47 (yes, ancient) and on that old board I used to get emailed copies of every new registration request which included all the info and the password given. On the new board, I don't seem to be getting them anywhere. Any idea what setting I have wrong, where to fix it or does the new board no longer email copies out?
Brian
|
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
You could enable the registration queue which would email you when every user registers.
I don't believe it sends out the passwords however, keep in mind that, from a security standpoint, providing any sort of passwords in plaintext is definitely insecure. In UBB7 all passwords are encoded for user and account protection.
|
|
|
|
|
Joined: Jul 2008
Posts: 50
Journeyman
|
|
Journeyman
Joined: Jul 2008
Posts: 50 |
We always had the passwords come to us with registration number and that was useful many times when someone changed their email address and had no way to receive a password. I see the new board allows us to send a new password out etc. but that feature was also good to have as a record keeping feature. If no one but the registered user can see the password it is harder to demonstrate to them that their password really does work. The feature that allows me to "assume" their identity doesn't deal with the password working or not issue. If I can assume their identity in the first place, what is the harm of me KNOWING their password?
Seems odd to me. Our old board was version 5.47 which we just upgraded to this version after using that one non stop from 2000.
Brian
|
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
The admin can assume their identity indeed yes, this is useful for checking bugs, changing passwords, etc.
The issue is, sending data online in plain text, and storing it on a computer itself is insecure... think of it this way, you get hacked, or you have someone work on your computer, oh lookie here, thousands of account usernames and passwords with email addresses... Now you're not only responsible for your users account on your site, you're also responsible for if they use the same password on their email account; which can in itself lead to other issues.
Ultimately, storing passwords in plain text anywhere is like keeping your creditcard number written down on a piece of paper that has been taped to your monitor.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
|
|
|
|
|
2 members (Ruben, 1 invisible),
998
guests, and
205
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
|
