Xano:

As a security measure it's best not to e-mail passwords to people. Passwords should be hashed and saved to the DB right after they have been entered and never, ever be viewed as plain text again.

splash112@drupal.org:

Hi Xano,

Passwords are handled by Drupal. So posting this here might not help a lot.

Regards
Mark

splash112@drupal.org:

Sorry,

Forgot the direct signup.
Drupal is handling passwords correctly, I believe.

Only problem is, do you really want customers to have to log in first before they can check out? This might make your system a little bit less user-friendly...

Best regards
Mark

Xano:
splash112@drupal.org wrote:

> Hi Xano,
>
> Passwords are handled by Drupal. So posting this here might not help a lot.
>
> Regards
> Mark

Yeah, but site administrators decided whether to show passwords as plain text in e-mails or not ;)

Ryan:

Hmm... it is a Drupal issue, since the passwords are e-mailed in both the normal and administrator user registration forms. Ubercart invoices can optionally include the username/password, but you can take that out of your invoice. Further, Ubercart checkout for anonymous users uses the site-wide registration e-mail... so, if you change it there, you should no longer be sending passwords. :)

EDIT: This is the point where I realized you were talking about our site. ;)

I'm not too worried about changing it for Ubercart.org in the short term... you can always change your password after you've registered. It might be a little more necessary for your e-commerce sites, though.

Thanks for the suggestion, and I'll keep it in mind for the future.

Xano:

I'm more concerned with people looking through other people's email. Yes, those people exist, unfortunately. I'm not fond of changing my password because it's been sent as plain text. I've already got enough passwords to keep track of :P Just my 2 cents.