Saving plain passwords in the DB ?

Hej,

I just noticed that plain passwords are saved in the DB.

I think thats a big "no no" isn't it?

Koff

  • koff
    • Site Builder, Child of Zeus

    Hej,

    yes I am talking about the "signup password" plugin.

    And it does save the password in the signup table.

    But I see now in the code line 34:

    global $signup_password_form_printed;
    //------------------------------------------------------------------------//
    //---Config---------------------------------------------------------------//
    //------------------------------------------------------------------------//
    $signup_password_use_encryption = 'no'; //Either 'yes' OR 'no'
    $signup_password_form_printed = 0;

    I guess this should be changed to 'yes'. and i would recommend to change this to default.

    Thanks,

    Koff

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.