Stupid Forum Tricks

An Open Bug Report To The Software Development Community:

Product: Forum Software (any)
Area: Registration
Category: Bug
Priority: 1-Security Failure

Description:
Forum registration software is sending user-entered passwords (in plaintext, over unencrypted channels, through unaudited networks!) in registration confirmation emails.

Does this seem like unfortunate design to anyone else? It’s too much effort to come up with unguessable, memorable passwords to waste the products on thoughtless security breaches.
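
One way a registration flow can avoid the behaviour reported above, as an added example that is not part of the original post or of any particular forum package: the confirmation email carries a single-use token instead of the password, and only a salted hash is stored. The `USERS` store, the function names and the `forum.example` host are hypothetical.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage
from urllib.parse import urlencode

USERS = {}  # hypothetical in-memory user store standing in for the forum database


def _mail(to: str, subject: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, subject
    msg.set_content(body)
    return msg


def register_vulnerable(username: str, email: str, password: str) -> EmailMessage:
    """The reported behaviour: the chosen password is echoed into the email."""
    return _mail(email, "Welcome", f"Username: {username}\nPassword: {password}\n")


def register_hardened(username: str, email: str, password: str) -> EmailMessage:
    """Store only a salted scrypt hash; email a single-use confirmation token."""
    salt, token = secrets.token_bytes(16), secrets.token_urlsafe(32)
    USERS[username] = {
        "salt": salt,
        "pw_hash": hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1),
        # Only a digest of the token is stored, so a database leak cannot confirm accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "confirmed": False,
    }
    query = urlencode({"u": username, "t": token})
    link = f"https://forum.example/confirm?{query}"  # placeholder host
    return _mail(email, "Confirm your registration", f"Hello {username},\n{link}\n")


def confirm(username: str, token: str) -> bool:
    """Accept the emailed token once, comparing digests in constant time."""
    user = USERS.get(username)
    if user is None or user["token_hash"] is None:
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(user["token_hash"], supplied):
        return False
    user["confirmed"], user["token_hash"] = True, None  # token is now spent
    return True
```

Anyone who reads the hardened message in transit learns a token that works once for one account, not a password the user may have reused elsewhere.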
