Announcement

**RealG187** · Jun 07, 2009, 03:19 PM

Re: Please do not show password in activation email.

I don't think they can do that. There might be a setting, but the email is send out automatically by a computer.

**zanetu** · Jun 11, 2009, 11:20 PM

Re: Please do not show password in activation email.

Originally posted by RealG187

I don't think they can do that. There might be a setting, but the email is send out automatically by a computer.

I know that activation emails are sent automatically by a computer. What I suggest is to disable the the setting (if any) for including passwords in emails. Displaying passwords in plain text is not a good practice.

**Telengard** · Jun 11, 2009, 11:25 PM

Re: Please do not show password in activation email.

Originally posted by zanetu

Displaying passwords in plain text is not a good practice.

Agree.

**AboveTheLogic** · Jun 12, 2009, 10:11 AM

Re: Please do not show password in activation email.

I agree also. I'm always irked when I see my passwords displayed on a screen.

**flarson** · Jun 12, 2009, 01:56 PM

Re: Please do not show password in activation email.

This forum does not use SSL. You should not use a password that is important to you because when you do you are sending it across the network in plain text every time you login to the forum. That is much more of a security problem than it being sent once in an email. If you are using a password for this forum and other insecure URL's that you also use for secure logins you are asking to get cracked.

**Telengard** · Jun 12, 2009, 02:03 PM

Re: Please do not show password in activation email.

Originally posted by mando_hacker

. . . you are sending it across the network in plain text every time you login to the forum. That is much more of a security problem than it being sent once in an email.

Your reasoning is that we should not care because the problem is even worse than we thought. Is that it?

As far as forum accounts being hacked, that would be a bigger problem for the admin than for the users. Sure, we may lose our identities and posts in this forum, but the admin would be left with a useless, empty forum. That would be a shame for all of us.

**dibl** · Jun 12, 2009, 02:14 PM

Re: Please do not show password in activation email.

I think mando hacker is pretty correct on this. He's not saying we should not care because the problem is worse, he's saying it's only a problem if you're using the same password for this forum as you're using for your online banking or credit card access (or porn account or whatever

). I think he's right.

There is nothing to hack or steal on this forum, or there shouldn't be if you've kept private information off of it. So, with nothing at risk, who cares what the password is?

Remember, our host is an uncompensated volunteer -- he can't be expected to assume personal responsibility for forum users' security.

**AboveTheLogic** · Jun 12, 2009, 05:53 PM

Re: Please do not show password in activation email.

Originally posted by dibl

he can't be expected to assume personal responsibility for forum users' security.

nobody's asking him to assume any responsiblity whatsoever

we are just asking that another one of the methods for someone to obtain malicious access to our forum accounts is cleared up if possible

**Telengard** · Jun 17, 2009, 05:46 PM

Re: Please do not show password in activation email.

Too late to worry now. There are already hacked accounts and the pornspam appears to be proliferating quite rapidly.

**flarson** · Jun 18, 2009, 07:59 AM

Re: Please do not show password in activation email.

I guess it is your contention then that DoktorDating stole someones password from their email rather than creating his own account?

**dibl** · Jun 18, 2009, 09:04 AM

Re: Please do not show password in activation email.

Originally posted by Telengard

There are already hacked accounts and the pornspam appears to be proliferating quite rapidly.

Like all open, public Internet forums, this one has been a periodic target of spammers for years. Since any user name that was not previously registered can open an account, there is no practical way to prevent the abuse in advance. That's why we have moderators with the power to close accounts that violate the rules of use.

Again, this is totally irrelevant to the means by which user passwords are transmitted to users. There's nothing here to hack, except the information that a user has chosen to show.

**Telengard** · Jun 18, 2009, 09:26 AM

Re: Please do not show password in activation email.

Originally posted by dibl

Originally posted by Telengard

There are already hacked accounts and the pornspam appears to be proliferating quite rapidly.

Like all open, public Internet forums, this one has been a periodic target of spammers for years. Since any user name that was not previously registered can open an account, there is no practical way to prevent the abuse in advance. That's why we have moderators with the power to close accounts that violate the rules of use.

Again, this is totally irrelevant to the means by which user passwords are transmitted to users. There's nothing here to hack, except the information that a user has chosen to show.

Yeah, I got a little angry when I saw it happening. So I overreacted and jumped to conclusions. Sorry for dragging the thread off topic. Thanks dibl.

**Guest** · Aug 17, 2009, 08:44 AM

Re: Please do not show password in activation email.

How to remove password from activation email

http://www.simplemachines.org/commun...topic=314550.0

**Open Source** · Aug 24, 2009, 07:17 PM

Re: Please do not show password in activation email.

Thanks passingthru, its all fixed now. So sorry everyone, for sending your passwords in clear text all this time.

Announcement

Please do not show password in activation email.

Please do not show password in activation email.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment