[Code] Putting a users list password in the email subscription email
Robert Ameeti
robert at ameeti.net
Fri Nov 25 15:45:14 UTC 2011
What a horrendously terrible thing to do!!!
It is wrong, wrong, wrong put the users list password in the confirmation email in clear text. It is wrong to be storing the user's password in anything other than a hashed value. IF that user is using the same password on other lists, that email can be found by anyone who has access to that user's email which might be a thief. Please consider changing this procedure asap.
More information about the Code
mailing list