Page 1 of 1

please don't send my password in cleartext in conf email

Posted: 12 Jan 2008, 18:19
by andrewroth
When I register for this forum, it sends out my password *and* login in cleartext in the confirmation email. If anyone ever got in my email, not only would they have a password I use (and try it on a bunch of other sites), they would get on this forum with my login easily since both login and password is there. This is poor security form.


Posted: 12 Jan 2008, 20:10
by admin
Hi Andrew,
You are right it can we a bad idea to send this by cleer test, but I am just using the phpbb CMS for this forum. I have not written it myself. The phpbb developers just though it was a good idea to do that by default.