
Plain Text Passwords

Posted: Sun May 30, 2010 6:19 am
by krainboltgreene
Is there any chance the admins can stop storing passwords in plain text, or at least warn users that passwords are accessible in plain text?

Posted: Sun May 30, 2010 3:13 pm
by fbmf
[TGFBS]
Forwarded to the IT Department.
[/TGFBS]

Posted: Sun May 30, 2010 4:38 pm
by Zherog
Oooh - I'm the IT Department now, rather than "that jerk that takes three months to solve the e-mail problem?" Sweet!

I have to admit I'm not sure what you're talking about, krain. If I go to the admin console I can't see your password (or anybody else's, for that matter). It's possible that if I were to log into the database directly, I'd see what you're talking about. But I don't have MySQL set up on this PC, so I can't log in now to check.

Can you elaborate as to why you think the password is stored in plain text? That might help me find a solution.

Posted: Sun May 30, 2010 6:21 pm
by fbmf
Zherog wrote: Oooh - I'm the IT Department now, rather than "that jerk that takes three months to solve the e-mail problem?" Sweet!
Congrats on your promotion.
Zherog wrote: I have to admit I'm not sure what you're talking about, krain.
Oh, thank God. I had no clue either.

Game On,
fbmf

Posted: Sun May 30, 2010 6:54 pm
by krainboltgreene
Sure. When I created the account I was given a confirmation email. This confirmation email had both my user name and my password (plaintext).

This is a really big sign that the passwords are stored in plain text, and it looks like it's a persistent issue even in 3.04: http://www.phpbb.com/community/viewtopi ... &t=1548605

Ideally passwords should be stored as a MD5+SHA-1, perhaps Salt. Here's a great article on how it should be done (and why): http://www.devbistro.com/articles/Java/ ... Encryption

And here, with more verbose points: http://www.codinghorror.com/blog/2007/0 ... ectly.html (scroll down to see the bullet points).

While The Gaming Den is likely to never be targeted, sending over email is still a big problem, especially if they use the same or similar password for other services.
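The post above argues that a confirmation email containing the password is a sign the site keeps passwords in plain text, and that they should instead be stored salted and hashed. The block below is an added example, not code from the post, from phpBB or from The Gaming Den. It shows the difference in working code: an account-creation step that stores only a salted hash and writes a confirmation message that never echoes the password, and a login check that verifies a candidate password against the stored record. It uses PBKDF2-HMAC-SHA256 from Python's standard library (a purpose-built password KDF, chosen here in place of the MD5+SHA-1 the post mentions), a per-user random salt, and a constant-time comparison. The iteration count, the record format and the in-memory user table are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the post or phpBB).
ITERATIONS = 100_000        # PBKDF2 work factor; raise as hardware allows
SALT_BYTES = 16             # 128-bit random salt per user
SCHEME = "pbkdf2_sha256"    # tag stored with the record so it can be migrated later


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_b64$hash_b64.

    A fresh random salt is drawn unless one is supplied, so the same password
    produces a different record every time it is hashed.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.

    Malformed or foreign-scheme records are rejected rather than raising, so a
    corrupted row cannot turn into an exception path that leaks information.
    """
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids a timing side channel on the comparison itself.
    return hmac.compare_digest(candidate, expected)


def create_account(users: dict, username: str, password: str) -> str:
    """Store only the salted hash and return the confirmation email body.

    The plaintext password exists only in this function's arguments; it is
    neither written to the table nor placed in the message.
    """
    users[username] = hash_password(password)
    return (
        f"Welcome {username}, your account has been created.\n"
        f"Your username is: {username}\n"
        "For your security, your password is not included in this message."
    )


def login(users: dict, username: str, password: str) -> bool:
    """Check a login attempt against the stored record for that user."""
    stored = users.get(username)
    if stored is None:
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    table = {}
    print(create_account(table, "krain", "correct horse battery staple"))
    print("stored record:", table["krain"])
    print("right password:", login(table, "krain", "correct horse battery staple"))
    print("wrong password:", login(table, "krain", "Correct horse battery staple"))
```

Because the salt is stored alongside the hash, a database dump lets an attacker try candidate passwords for one user at a time, but not look them up in a precomputed table, and the PBKDF2 work factor makes each guess expensive. What the table never contains is anything a site could paste into a confirmation email.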