Jitse
Security Suggestion: Hashing
Nov 17 2007 2:48 PM
Good day,
First of all, this is a nice forum. :) I still haven't got a 'check-daily-forum' for C#, but this one seems to fit, although it's a little slow maybe.
I have one suggestion though, I noticed you send a notification mail when e.g. you change your account information, or when you use the lost password thing or so. And in that mail you add the password of the user.
Now this is something that always annoyed me: since you can tell me my own password, that means my password is stored somewhere on your servers. That's not how a service is supposed to work, a service should only store the hash of the password on the servers. That's the reason why many services can only 'reset' your password, instead of recovering it. This is not only safer with storing, but also sending the password when someone logs in, creates an account, ... Encryption is certainly not enough, and doesn't fit for passwords anyway. Are you planning on changing this?
Anyway, I hope this forum will get more active every day. :)
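An added example, not part of the original post and not this site's code: a sketch of the hash-only storage and reset-instead-of-recover flow the post asks for. The function names, the in-memory `record` dict standing in for a user row, the PBKDF2 iteration count and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000      # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware
RESET_TTL = 15 * 60       # assumed lifetime of a reset token, in seconds

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_password(password):
    """Return the only things the server keeps: a per-user random salt and the hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, salt)}

def verify_password(record, attempt):
    """Re-derive from the attempt and compare in constant time."""
    return hmac.compare_digest(_derive(attempt, record["salt"]), record["hash"])

def issue_reset_token(record, now=None):
    """Create a one-time token to mail to the user; only its SHA-256 is stored."""
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    record["reset"] = {"digest": hashlib.sha256(token.encode()).digest(),
                       "expires": now + RESET_TTL}
    return token

def reset_password(record, token, new_password, now=None):
    """Set a new password if the token matches and is still valid."""
    pending = record.get("reset")
    now = time.time() if now is None else now
    if pending is None or now > pending["expires"]:
        record.pop("reset", None)          # drop expired tokens
        return False
    digest = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(digest, pending["digest"]):
        return False
    del record["reset"]                    # single use
    record.update(hash_password(new_password))
    return True

if __name__ == "__main__":
    user = hash_password("correct horse")  # constructed sample password
    link_token = issue_reset_token(user)   # this, not the password, goes in the mail
    print(reset_password(user, link_token, "battery staple"))
    print(verify_password(user, "battery staple"))
```

Nothing in `record` can be turned back into the password, so a notification mail can only ever carry the reset token.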