|
|
Dear sirs,
A few hours ago someone with url 213.238.151.77 illegally requested my userid/password using a valid email address. This request was honored bij a PLAIN text email stating my userid, my email address and my password.
Is it possible fo you to protect my privacy by using encryption?
Thank you,
Hans Reijers
(hans.reijers @ planet.nl)
|
|
|
|
|
|
I think hes talking about if you request a lost password from CP, it sends an email with your password. And he wants the passwords to be md5'd or something.
|
|
|
|
|
Sam2006 and administration,
Yes, that's right. Anyone who knows your email address can request for your userid and password at Codeproject.com
There is no check if this is a valid request. The password itself is sent in PLAIN text.
There is no way a user can prevent abuse this way. It needs a change in forum policy.
Maybe the same protocol as used for registering (user MUST reply to an encoded message) can be used for sending a ONETIME new replacement password.
Thanks,
Hans Reijers.
|
|
|
|
|
What possible use would that be? The whole purpose of the request is to give you your password, if it is encoded then it won't be of any use to you. If someone requests your password and has access to your e-mail account, then they will be able to get your password regardless of whether it is sent as plain text or requires an extra confirmation. Even if it sends a onetime password it will still go to your e-mail account.
The current approach is perfectly adequate to protect your privacy. CodeProject.com cannot be held responsible if your own computer systems and accounts are comprimised.
|
|
|
|
|
Hi Sam,
My bad - I thought it was a generic statement - not CP in specific.
Jeff
|
|
|
|
|
The only person who will receive that email is you.
cheers,
Chris Maunder
CodeProject.com : C++ MVP
|
|
|
|
|
Not always. Maybe the user receives it through a mail server that has been compromised, what if that password is also their password to something else, say maybe access to a server or something like that. Also what if the user opens the email and a colleague comes in and sees it. I know you are not responsible for anything that goes wrong, but it would be nice if you did implemented this for your users sake.
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
It's good practices to have different passwords for all your stuff. I don't really think that sending passwords in another form will at all help from a security side. If the mail gets compromised then it is just tough luck. Any one who know how email servers work will know how to spoof the reply & sending address when activating a reply based password recovery.
Artificial Intelligence is no match for Natural Stupidity
No one can understand the truth until he drinks of coffee's frothy goodness. ~Sheik Abd-al-Kadir
I can't always be wrong ... or can I?
|
|
|
|
|
Yes but not everyone follows those regulations. I personally have different password for every work thing and then I have 3 passwords for my personal stuff. Actually it would be interesting to see everyones old passwords.
Here are my last 3 personal ones:
vroctery
gernnerk
sylio654
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
2 of my old ones were
#.File_and_Internet...Server1.# <-- nice and easy to remember
this20103533270882pass <-- yes i did remember it!
Artificial Intelligence is no match for Natural Stupidity
No one can understand the truth until he drinks of coffee's frothy goodness. ~Sheik Abd-al-Kadir
I can't always be wrong ... or can I?
|
|
|
|
|
I want message view back with the new Opera version!! I have to use IE to browse these forums, I just can't stand it with Opera now.
Opera/9.10 (Windows NT 5.1; U; en)
Please and thank you?
|
|
|
|
|
Here is my present to you: Clickety[^]
Brad
Australian
"Keyboard? Ha! I throw magnets over the RAM chips!" - peterchen
|
|
|
|
|
Haha, I knew it would link to the Firefox site!
I do have Firefox, mainly for testing websites I design. I use IE for the CP site.
|
|
|
|
|
I think it would be nice, if there is a link like "My threads" and "My posts" to see the threads started and posting by us like the "My Articles".
I saw how to see posts posted by oneself somewhere. But I think the permanent link could be convenient.
Thanks & Regards,
Suman
|
|
|
|
|
Go to your profiles and click on the "messages posted" link. It will give you a list of messages that you have posted recently. Furthermore just under that is an "articles posted" link.
Merry Christmas
Brad
Australian
"Keyboard? Ha! I throw magnets over the RAM chips!" - peterchen
|
|
|
|
|
Hi Suman,
Good idea. I would also like to see the ability to click on an author's name (in comments on a Board) and follow it to their profile.
The search engine does not seem to find people by their handle (if they have not submitted an article).
Jeff
|
|
|
|
|
Why not click on the little icon on the top bar of every post?
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
My Bad. I was not aware the icon was the link...
Jeff
|
|
|
|
|
Hi All,
Another suggestion:
When adding a hyperlink to a document, add ' TARGET="_blank" ' when using the online HTML editor if the link is outide of Code Project.
For the author in particular, this keeps the reader on his page. For Code Project in general, this keeps the reader on the site.
Jeff
|
|
|
|
|
forgive an old nit picker, but shouldn't that be ' target="_blank"'
(Hint: Keep elements (such as 'target') in lower case for Xhtml reasons)
Brad
Australian
"Keyboard? Ha! I throw magnets over the RAM chips!" - peterchen
|
|
|
|
|
Hi Brad,
Bradml wrote: 'target="_blank"'
Since I've gotten older, Capitol Letters are a lot easier to read
Bradml wrote: (Hint: Keep elements (such as 'target') in lower case for Xhtml reasons)
Probably proposed by a youngster (wish I were him)...
Jeff
|
|
|
|
|
Also you forgot the semicolon.... minor detail though.
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
Hi everyone!
Faced one problem with the "Last updates" (link is on the main page).
Yesterday my article ("Bridge design pattern with JavaScript") was updated, but it is not listed on the 20th of December on the "last updates".
(and it is not for the 1st time I see this).
Best regards,
Dmitry.
-------------------------
Don't worry, be happy )
|
|
|
|