You are not logged in.

Dear visitor, welcome to KDE-Forum.org. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

1

Thursday, March 20th 2003, 12:23pm

KDE Forum emailed me my password!!

I received an email confirming that I had joined KDE-Forum, advising my login and password, and stating "Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you."

It is good that the password is encrypted in your database, but it's a major security hole that it is sent out in plain text via email!

Please modify the welcome message to NOT contain the password.

Thank you.

2

Saturday, March 22nd 2003, 9:46pm

That's part of phpBB. I think they should send it encrypted.
"Chopsticks require a person to use 64 muscles and 30 articulate movements simultaneously, which also acts in developing brain potential."

3

Friday, October 10th 2003, 3:40pm

That is to show how weak the password is.

(You do not access the forum by https:// either.)

Have a nice day!

kde-forum

Unregistered

4

Friday, October 10th 2003, 5:16pm

editing

I will edit the registration email so the mail wont send the password.

5

Friday, October 10th 2003, 8:36pm

May be I was not clear enough: sending it or not will not change the fact that it is a weak password, as it was sent in clear to the server (or the server would not have been able to return the password in the email.)

Before another misunderstanding appears: coding it in the client with crypt does not change much the problem, as the password exchanged between client and server is exactly the same byte sequence for each login.

Have a nice day!