| Author |
 Topic  |
|
|
work mule
Senior Member
USA
1358 Posts |
 Posted - 17 July 2003 : 20:28:43
|
Just got a nice little message from somebody about this...
quote:
I find it hard to believe that you sent back my pass word in the clear. I have never had anyone do that in the 17 years I have been using intra and Internet systems. It is a practice you should stop immediately.
I never noticed it before, but before this, we've been using the email validation. On the latest site, we're not using email validation, so it triggered this line of code.
Maybe it's best to remove it?
Line 595 (register.asp)
strMessage = strMessage & "Password: " & Request.Form("Password") & vbNewline & vbNewline
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 17 July 2003 : 23:02:52
|
I don't see any reason to remove it. Passwords are sent via e-mail all the time. They would still be sent when a person uses the "Forgot Your Password?" link, except that the password is now encrypted in the database and there wasn't a way to decrypt it and then send it to them.
The person could always just change it immediately after signing up.
This person claiming that they have never had that happen is very, very hard to believe... |
 |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 18 July 2003 : 01:37:35
|
| Quite true. Of the many sites that I have signed up on, quite a number of them send the passwords in the email. Even when using a forgot password feature. Unless he hasn't signed up on many sites during in his 17 years, I find that hard to believe too. |
Support Snitz Forums
|
|
|
|
work mule
Senior Member
USA
1358 Posts |
Posted - 18 July 2003 : 02:46:30
|
I know what you're saying. There have been many sites which have sent passwords in emails. It may not be as frequent now as it was years ago. I have to agree that it is hard to believe.
All that aside, I'm wondering how long it will be before the following: 
Members asks for his/her password. We tell the member that we can't look up the password because it is encrypted and we have no idea what it is. The comment will be made that we must know what it was because we originally sent an email with the password inside. 
We know it came directly from the registration form, but they don't. |
Edited by - work mule on 18 July 2003 02:48:16 |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 18 July 2003 : 03:32:38
|
LoL. You will need to tell them the email is automatically generated when they sign up. That you didn't actually sit down and write a personal email to them with thier password.  |
Support Snitz Forums
|
|
|
|
work mule
Senior Member
USA
1358 Posts |
Posted - 18 July 2003 : 04:35:12
|
Funny you should say that. Every month we get a couple of messages in the webmaster account where the person has replied to the automated welcome messages. Some are just a simple thanks, while others are more indepth.
The ones I really get a chuckle out of are the ones where they say they are impressed with our "personal" response and how they like it so much better than the generic form messages they get on other sites. If they only knew. LOL!! |
|
|
|
The Impact
Junior Member
Australia
398 Posts |
Posted - 18 July 2003 : 06:27:39
|
LOL, that sounds like something my parents would do Work Mule !
Whenever someone put in an email address which did not exist I would get mail would come to my account and have the welcome message and people's password. Not good.  |
|
|
|
hayleypink
Junior Member
Haiti
145 Posts |
Posted - 18 July 2003 : 06:40:37
|
| I see what you mean - have joined many big websites (Amazon etc) and always got password in email. |
|
|
|
Bookie
Average Member
USA
856 Posts |
Posted - 18 July 2003 : 10:21:27
|
| Hm, 17 years using intra and internet systems? Let's see, 17 years ago (1986) I was 12. While I don't doubt the use of some basic use of intra and internet back then, I highly doubt he was "surfing the web" and signing up for stuff that uses e-mail and passwords. I think I remember some form of Compuserve back then but I think 17 years is a pretty exaggerated number. |
Participate in my nonsense |
|
|
|
snaayk
Senior Member
USA
1061 Posts |
Posted - 18 July 2003 : 14:57:09
|
| I have gotten passwords in e-mails all the time, especially when I forget what it is. |
|
|
|
MasterOfTheCats
Junior Member
103 Posts |
Posted - 18 July 2003 : 17:08:42
|
What I don't understand in this talk is the following:
Does it cause a security problem (e.g. somebody accessing my e-mail box locally/remotely, carneuvering through ISP's etc)?
Is the benefit of having it so great compared to the down sides?
I think the emphasis of the discussion should not be "if other people's sites are sending e-mails". Everyone doing it does not mean that it is right either...
I just wanted to bump the original idea...
|
|
|
| |
Topic |
|
Topic Locked
