Nasty security bug

For the 1on1 Ladder on PlanetNexuiz


Post by tChr » Wed Mar 22, 2006 12:28 pm

When editing your "profiles" page, the password is already filled in. This is a nasty thing to do for several reasons:

1. It sends the password as clear text in the source, information that can easily be sniffed. It is also cached in the browser cache and in any proxy servers. On Windows, anyone can read your cache.
2. It makes it clear that the password is not stored encrypted, which is just as bad. It's not that I don't trust you, but in general, the passwords should never be stored unencrypted, as any cracking of the database and/or server would expose these passwords to anyone.

imao this should be addressed asap.

I know that this is a problem with the testing of the data, as all fields are probably tested upon submit. This can be solved with one of the following methods:
1. Ignore the password field if it's empty upon change submit. This is not a problem as no one should ever be allowed to enter an empty password anyways.
2. Put the password control into a separate page of the user control. This is my preferred method.
the spice extend life!
the spice expand consciousness!
the spice is vital to space travel!
sooooo.. tell me what you want, what you really-really want
I will proceed directly to the intravenous injection of hard drugs, please.
tChr
Forum addon
 
Posts: 1501
Joined: Tue Feb 28, 2006 9:11 pm
Location: Trondheim, Norway

Post by GreEn`mArine » Wed Mar 22, 2006 4:37 pm

the passwords are md5 crypted in the database. you will ONLY see the password (in stars) if you just logged in, because the password becomes a $_Session['pass'] variable which is only used to fill that password field (and nowhere else) so that you won't get any errors when trying to edit your profile and don't have to re-enter the password again

you can also notice that when using the remember feature which uses an identification value to re-auth, the password fields will be empty then when opening the editprofile page

your suggestion is good.
TO-DO: remove both password fields from the editprofile page, add a "change password" link instead.
the change password page will have "old password", "newpassword", "new pw again" fields
IRC quote:
[kojn] I've been coming a bit more recently
[kojn] she took it the dirty way
GreEn`mArine
Forum addon
 
Posts: 1509
Joined: Tue Feb 28, 2006 9:33 pm
Location: Germany
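
The fix agreed on in this thread (no password fields on the edit-profile page, plus a separate page with "old password", "new password" and "new pw again"), sketched as an added example that is not the ladder site's own code. PHP is assumed from the `$_Session` reference above; the function names, form field names, the `changepassword.php` link and the 8-character minimum are hypothetical, and it uses PHP's `password_hash()`/`password_verify()` rather than the MD5 storage mentioned in the reply.

```php
<?php
declare(strict_types=1);
// Added example: an in-memory array stands in for the user's database row.

/** Edit-profile form: no password input, so no password ever reaches the HTML. */
function render_profile_form(array $user): string
{
    $email = htmlspecialchars($user['email'], ENT_QUOTES, 'UTF-8');
    return '<form method="post">'
         . '<input type="email" name="email" value="' . $email . '">'
         . '<a href="changepassword.php">Change password</a>'
         . '<button type="submit">Save</button></form>';
}

/** Profile update: any password keys in the request are simply never read. */
function update_profile(array $user, array $post): array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $user['email'] = $email;
    return $user; // $user['pass_hash'] is left untouched
}

/** Change-password page: the old password must verify; the new one is typed twice. */
function change_password(array $user, array $post): array
{
    $old   = (string)($post['old_password'] ?? '');
    $new   = (string)($post['new_password'] ?? '');
    $again = (string)($post['new_password_again'] ?? '');
    if (!password_verify($old, $user['pass_hash'])) {
        throw new RuntimeException('old password is wrong');
    }
    if (strlen($new) < 8 || $new !== $again) {
        throw new InvalidArgumentException('new password too short or not repeated correctly');
    }
    $user['pass_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return $user;
}

// Constructed sample data, not taken from the ladder site.
$user = ['email' => 'player@example.org', 'pass_hash' => password_hash('old-secret-1', PASSWORD_DEFAULT)];
var_dump(strpos(render_profile_form($user), 'type="password"') === false);
$user = update_profile($user, ['email' => 'new@example.org', 'password' => '']);
var_dump(password_verify('old-secret-1', $user['pass_hash']));
$user = change_password($user, ['old_password' => 'old-secret-1', 'new_password' => 'new-secret-2', 'new_password_again' => 'new-secret-2']);
var_dump(password_verify('new-secret-2', $user['pass_hash']));
```

With this split the server no longer needs to keep the plaintext password in the session at all, since nothing has to be pre-filled.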

