 |
By (user no longer on site) OP
over a year ago
|
I was wondering about the security of passwords since they seem to be recoverable by email which indicates they are stored on a server side database. Isn't this bad practice? |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *lighty1Woman
over a year ago
You Dont Need to Know, right now |
"I was wondering about the security of passwords since they seem to be recoverable by email which indicates they are stored on a server side database. Isn't this bad practice?"
I don't understand the technicalities, but of course Fab stores passwords somewhere (so it can recognise you when you log in). However, if a member has forgotten their password, the mail from Fab contains a 1-time-use password, not the same password again. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"I was wondering about the security of passwords since they seem to be recoverable by email which indicates they are stored on a server side database. Isn't this bad practice?
I don't understand the technicalities, but of course Fab stores passwords somewhere (so it can recognise you when you log in). However, if a member has forgotten their password, the mail from Fab contains a 1-time-use password, not the same password again."
Passwords on all sites are stored, some are strored in basic text format and yes that is bad practice but fabs stores it by hashing and salting it or some other encryption thus making them extreamly hard to crack should the website get hacked.
If the site stores passwords in an encrypted format in the database :
When you enter your password the PHP will encrypt the password you entered using the same encryption code that was used to store the password in the database and if the 2 match it will let you proceed. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"I was wondering about the security of passwords since they seem to be recoverable by email which indicates they are stored on a server side database. Isn't this bad practice?"
Aren't all website passwords stored in a database? Otherwise, some poor fecker with a very good memory must have a dull job.
Most databases use an encrypted database field. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"
Aren't all website passwords stored in a database? Otherwise, some poor fecker with a very good memory must have a dull job.
.
 "
Ah, I knew you did something here.  |
Reply privately, Reply in forum +quote
or View forums list | |
» Add a new message to this topic
