Bit Blot Forum

Aquaria => Support => Topic started by: kolAflash on June 22, 2013, 03:19:33 am

Title: Please stop the forum from mailing the password to new users
Post by: kolAflash on June 22, 2013, 03:19:33 am

Currently the forum mails the password after creating an account. That's an absolute bad security practice! Just mail the activation link, that's enough.

By the way:
Do you save the password as salted hashes? Please don't save the original password! This describes why (not just for PHP).
http://php.net/manual/en/faq.passwords.php

Title: Re: Please stop the forum from mailing the password to new users
Post by: Kateweb on January 12, 2014, 07:20:35 pm

I was pissed when I saw my password in plain text and had to create a new one.