Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I just tried to access the site in that screenshot and got a certificate error... Loads of trust right now...
-
lotd77757yThey probably also stored his card or whatever in their DB, to keep "track" og transactions...
-
remind me of the rant I saw earlier where the password was in plaintext + it is 'p@ssw0rd' XD
-
kurtr126507y@vhoyer yeah but also to be fair they probably shouldn't take the liberty of taking a email address from a booking reference fo4lr an event and create a user account with it (probably to make their stats look better). Even if you get past that - temporary or not a cleartext password is bad news for a whole lot of reasons, it's far better to use a one time token.
-
While I agree that a one time token is best, there's nothing wrong with generating a pass, sending it in an email then saving the hashed version in the db.
Odds are you'll be prompted to change it aftet the first login too.
Related Rants
So my boss booked me a spot at a conference about "the future of online payments" and I received an email with auto created account (there was no sign up) with a clear text password.
I'm feeling pretty confident that I can trust them to guide and advise me on best practices when it comes to handling sensitive information.
rant
clear text
taking liberties
free 2 day holiday