dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

FreeBSD on the desktop

Bristol, VT

3 recommendations

reply to justin

Re: site user password intrusion info

I have to join the others and express my shock/disappointment/irritation that any website in 2011... especially a technically-savvy one such as this one... would be storing passwords in cleartext in the database. There are no excuses for such irresponsible handling of user data.

I mean, come on... the concept of 1-way password hashes have been the standard in Unix-style OSes for decades now. This isn't rocket science.

And although in a utopian world I'd have 100 or so unique passwords for each and every site I have an account at, this is just not practical. Nor is remembering every site I have a login at that uses my email address.


Bedford, TX

1 recommendation

I totally agree with this. I couldn't believe that passwords was not encrypted in a one way encryption. This is the case of not a could have, should have, encryption should have been done since day 1.

The email I got said my account was compromised, good thing is that I never use the password that I use for less secured website (that doesn't contain my credit card info and such) for banking, credit card or any website that has my credit cards which I use a much stronger password and they all have different passwords.

Valencia, CA
·Time Warner Cable

1 recommendation

I have to say I'm shocked too. BBR runs stories about sites getting hacked all the time. The Gawker and PSN events should have been a cue to think about your users' safety and beef up your security.

This site was born during a more innocent age, I suppose, but .... c'mon. You have active security forums, that alone makes you a juicy target. Disappointing.

AT&T U-Hearse - RIP Unlimited Internet 1995-2011
Rethink Billable.
Expand your moderator at work