Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: lawman
I am the only person who should determine when and how my password is revealed.
And being able to recover an old password is even more problematic. Passwords are supposed to be stored one-way hashed.
I really didn't think my initial observation was too controversial. I'm sure it's mostly because WW was programmed a long time ago when security standards were much lower and their isn't much incentive to change it.
I'm guessing but I suspect 9 out of 10 engineers would say storing passwords in plain text is a bad practice.
I'm a little surprised WW and the folks here don't see this is a bad practice.
[edited by: jecasc at 7:37 am (utc) on Jun 17, 2011]
I see forgetting your password as a bad practice.
[edited by: wheel at 3:32 pm (utc) on Jun 17, 2011]
In fact, since it covers topics of interest to webmasters, I was surprised it made such a novice security error
You could also turn that around and argue that the WebmasterWorld audience ought to know better than to register with a password they also use to protect sensitive information elsewhere.
[edited by: jecasc at 6:04 pm (utc) on Jun 17, 2011]
. This is one of the few security issues that is actually real, not theoretical. I thought I was pointing out something obvious and non-controversial and so am shocked by some of the responses.Some people don't care. You're making a mountain out of a molehill, and can fix any security issues here that you're concerned about yourself anyway.
If you're actually concerned about security, you shouldn't even be posting here.