[Code] Putting a users list password in the email subscription email
Andrew Arnott
andrewarnott at gmail.com
Fri Nov 25 17:32:00 UTC 2011
FWIW, anyone who has access to that person's email already owns that user
anyway.
But for the record, I'm also against this practice.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Fri, Nov 25, 2011 at 7:45 AM, Robert Ameeti <robert at ameeti.net> wrote:
> What a horrendously terrible thing to do!!!
>
> It is wrong, wrong, wrong put the users list password in the confirmation
> email in clear text. It is wrong to be storing the user's password in
> anything other than a hashed value. IF that user is using the same password
> on other lists, that email can be found by anyone who has access to that
> user's email which might be a thief. Please consider changing this
> procedure asap.
>
> _______________________________________________
> Code mailing list
> Code at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-code
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20111125/f1ca2350/attachment.html>
More information about the Code
mailing list