Comments
-
sideways2437y don't wanna interfere here, and know it's bad practice, .... but, how in the world do you _know_ it's saved in plain text?
-
Froot75397y @sideways Because they sent it to him
If they saved passwords properly (hash + unique salt) then they wouldn't know your actual password
-
sideways2437y then again how do you know they saved it plain text... maybe they got the baddest ass bcrypter blowfish with hashes of 12512 bits and saved it in the db like that and sent the mail with a former variable :₱
-
What @sideways is asking is that they could always auto generate a password, email it, hash it and finally store it to the db
-
Froot75397y @sideways @ObiSwagKenobi Hmm true true. That's a good point.
I hope that they at least force you to change the password then
-
@ObiSwagKenobi the password wasn't auto generated. It was the password I entered at sign up.
-
zankar20697y @iSwimInTheC I had the same idea as @ObiSwagKenobi but in that case well... It's shit.
-
zshh38487y Ha! I know your pw starts with “my”. That makes it so much easier to hack your devRant account and post an embarrassing rant muhahahahaha
-
@zshh lol, sorry password is some long unintelligible word from keepass. Good luck.
-
I'm quite sure they sent the credentials in plaintext because they want you to be able to read them 😇
-
biodunch297y Maybe, just maybe they sent your password so you wouldn't forget; before hashing & saving in the db
-
cursee165957y That kind of feature is quite common and actually more user friendly for people with low IT knowledge and more likely to forget the password habit. I don't think that is the case here though.
-
I don't consider sending the password with an email or sms really secure but I had to implement a feature like that in the last project I worked on. It is a system mostly used by people with little to no technical knowledge, who need to register their clients. Most of the time, their clients have the same technical level as them. So I had to choose between every user having 123456 as their password or auto generating and sending the password with an sms before hashing it to the DB. I'm sure that's not the case here, but I'd really like to hear some thoughts on the matter ☺️
-
sideways2437y only way to figure out if they stored passwords plaintext, or easy encryption is to use "forgot password" if they even have one, if they send your entered password again, then it's safe to say they store *asswords some kind of plaintext. (see what i did there?)
Signed up for a driving class...
This is what i get in the mail shortly after.
Fucking fantastic guys! Saving passwords plaintext. Is it because of the government?
rant
fucking idiots
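
The storage and "forgot password" points argued in the comments above, as an added Python example that is not code from the thread or from any site mentioned in it: a sign-up that keeps only a per-user salt and a slow hash, a confirmation mail that never echoes the password, and a reset that mails a single-use token instead of the old password. The in-memory dicts, function names, mail text, iteration count and 15-minute token lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed for this sketch)
users = {}             # constructed stand-in for the user table: email -> (salt, hash)
reset_tokens = {}      # sha256(token) -> (email, expiry timestamp)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(email: str, password: str) -> str:
    """Store salt + hash only; return the confirmation mail body."""
    salt = secrets.token_bytes(16)          # unique per user
    users[email] = (salt, _hash(password, salt))
    # The mail confirms the account but never repeats the password.
    return f"Welcome {email}, your account is ready."

def verify(email: str, password: str) -> bool:
    if email not in users:
        return False
    salt, stored = users[email]
    return hmac.compare_digest(stored, _hash(password, salt))

def forgot_password(email: str, ttl: int = 900) -> str:
    """Return a one-time token for the reset link; only its digest is kept."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    reset_tokens[digest] = (email, time.time() + ttl)
    return token

def reset_password(token: str, new_password: str) -> bool:
    digest = hashlib.sha256(token.encode()).digest()
    entry = reset_tokens.pop(digest, None)  # pop makes the token single-use
    if entry is None or entry[1] < time.time():
        return False
    email, _ = entry
    salt = secrets.token_bytes(16)
    users[email] = (salt, _hash(new_password, salt))
    return True
```

With this layout the site has nothing it could mail back on "forgot password" except a reset link, which is the observable difference the last comment's test relies on.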