JPDev@programming.dev to Software Gore@programming.dev · 5 months agoPassword must match the followingprogramming.devexternal-linkmessage-square49fedilinkarrow-up1427arrow-down14
arrow-up1423arrow-down1external-linkPassword must match the followingprogramming.devJPDev@programming.dev to Software Gore@programming.dev · 5 months agomessage-square49fedilink
minus-squareAggressivelyPassive@feddit.delinkfedilinkarrow-up17·5 months agoWe have a system that mails your password if you change it. It’s just for internal users, but still.
minus-squareMonument@lemmy.sdf.orglinkfedilinkEnglisharrow-up13·5 months agoThat means those suckers are either stored plaintext or stored with decryption key that is somewhere within the server. Yeesh.
minus-squareTja@programming.devlinkfedilinkarrow-up11·5 months ago“if you change it”. It might send the email before storing it as a salted hash in the DB. Unlikely, but possible.
We have a system that mails your password if you change it. It’s just for internal users, but still.
That means those suckers are either stored plaintext or stored with decryption key that is somewhere within the server. Yeesh.
“if you change it”. It might send the email before storing it as a salted hash in the DB. Unlikely, but possible.