Passwords MUST be salted and hashed

Category: Website
  • BV 3 0
    Message from Bruno Vernay on
    Hi,
    A huge improvement would be to never send or store passwords in clear text.
    There are lots of resources to help you to this goal:
    (broken link)
    and
    https://stackoverflow.com/questions/10428126/joomla-password-encryption

    Ask me for more help if needed, but please do something.

    Regards
    Bruno
  • 410 0
    Message from Davy on
    Hello Bruno,

    Passwords are of course not stored in clear text. What have you seen for such a conclusion?

    Regards,
    Davy
  • BV 3 0
    Message from Bruno Vernay on 1
    Because I received it by email in clear text. Now I guess it is sent by email and then salted, hashed, stored?

    Still, it would be better to get rid of the clear text as soon as possible, I am not sure that emailing the password is a useful thing.

    But we are entering the user convenience vs. security debate, I don't want to sound too harsh. I really appreciate the forum, the application and the time you devoted to it!
    Thanks
  • 410 0
    Message from Davy on 1
    Oh yes I didn't remember that during the registration step the password was sent by email. I found it convenient for the user but you are right, this is not a good thing for security. This is now fixed, thank you for the report.

    In any case, no passwords are stored in clear text in the database. There is no way to get them.
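
The registration flow the thread ends on (store only a salted hash, send a confirmation mail that does not contain the password), as an added example that is not part of the original posts and is not Polyphone's own code. The function names, the in-memory `USERS` store, the mail wording and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

# scrypt cost parameters (assumed values for this example)
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

# Hypothetical stand-in for the users table: username -> (salt, hash)
USERS = {}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; the clear-text password is never kept."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def register(username: str, email: str, password: str) -> EmailMessage:
    """Store salt + hash only and build a confirmation mail without the password."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    USERS[username] = (salt, hash_password(password, salt))
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Your account has been created"
    msg.set_content(
        f"Hello {username},\n\nYour account is ready. "
        "Sign in with the password you chose at registration.\n"
    )
    return msg


def verify(username: str, candidate: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(candidate, salt))
```

Because each account gets its own salt, two users who pick the same password end up with different stored hashes.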
