forum.coppermine-gallery.net

No Support => General discussion (no support!) => Topic started by: tanfwc on March 27, 2004, 06:50:53 am

Title: password...
Post by: tanfwc on March 27, 2004, 06:50:53 am

why is the password in the database not in md5 hashes? it is in PLAIN TEXT...

Title: password...
Post by: Joachim Müller on March 27, 2004, 08:05:11 am

there has been a discussion about this a while ago, please search the board for "md5 AND password".
There's a mod available: http://forum.coppermine-gallery.net/index.php?topic=2179

GauGau

Title: password...
Post by: tanfwc on March 27, 2004, 08:14:53 am

ok. Thanx. Why dun u put that function into this gallery?

Title: password...
Post by: Joachim Müller on March 27, 2004, 08:16:34 am

I hope you read the posting I was refering to: there's always ease of use against security: some people prefer having the passwords stored in plain text, because they run a gallery with newbie-users who forget their passwords every now and then: it's easier to look up their passwords if they're plain-text.
If someone hacks your site and is able to see your database (e.g. gains access to phpMyAdmin) and its contents, you probably have to worry about other things anyway...
The main reason why this hasn't been done yet I guess is: it simply has been forgotten. There are so many features that are being considered when developing a new version: sometimes you simply forget about stuff you were thinking about before.

GauGau

Title: password...
Post by: tanfwc on March 27, 2004, 08:22:14 am

does this md5 feature install in the future versions?

Title: password...
Post by: Joachim Müller on March 27, 2004, 08:48:55 am

maybe, but it's not in cpg1.3.0, which is in the release pipeline.

GauGau

Title: password...
Post by: tanfwc on March 27, 2004, 03:14:24 pm

ok. :)