Comments
-
No. Way. Holy sh*t! ... I mean, at least it's https. But the URL will be in your browser history, right? Whoever designed this is a complete moron.
-
Kolyness 196 8y: How can you end up building a site for such a big company, without at least having a bad feeling about this?
-
Also, matching both passwords (new and confirmed) on the server side seems superfluous. (Didn't notice that earlier because I instantly rage'd about the GET request itself...) Could have done that right there in JS I guess.
-
The code review for this was probably held in a bar and after ensuring that all the developers have had at least 10 shots of vodka each.
-
@shredEngineer If they did that in JS, how the hell would THEY DISPLAY YOUR PASSWORDS IN THE EFFING URL BAR TO THE ENTIRE UNIVERSE?!
-
khaledh 692 8y: @shredEngineer it's not his browser history that he should be worried about, it's the web server logs. The request will be logged and the password will be stored in clear text. If the logs fall in the wrong hands then it's a bad day for everyone.
-
brod 9925 8y: Hmm, I just did the same thing and this request was never made - how old's the screenshot?
-
@brod Hardly 24 hours old. You won't get an output like this in routine. My internet connection went super slow when I submitted the password reset form, it kept reloading. I, being impatient, refreshed the page and I was greeted with the blank white page and the corresponding URL in the link bar. After that, I changed my password and never saw this.
In short, yes, this thing is still there if searched deeply.
-
@realbisoye I would not do this after a bottle of vodka. Don't ask how I know that :(
Lately, Namecheap has been forcing their users to change passwords once every six months. Otherwise, they bombard you with annoying popups. When I finally changed mine, this is how they did it on their end. I just can't deal with the irony of this whole situation...