« previous next »
Pages: [1]   Go Down

Author Topic: Are our passwords stored in plain text in the forum database?  (Read 890 times)

Offline Thorin

  • Forum Moderators
  • Lord
  • *****
  • Posts: 5234
Are our passwords stored in plain text in the forum database?
« on: September 18, 2007, 12:00:15 PM »
I've been working on a security system and reading all about salting and hashing passwords.  In one of the articles I read, it mentioned something about phpBB storing passwords in plain text in the database.  I'm wondering, does SMF do that too?  If not, do you know what SMF does with the password?  Does it salt it and hash it and store it?  Does it just hash it?  Does it encrypt it with a private key?

The worry, of course, is if a forum user uses the same password for the forums and for something important, like banking information.  I don't, so I'm not worried about me, but who knows what the other users do.
Logged
Prayin' for a 20!

Offline Darren Dirt

  • Forum Moderators
  • Royality
  • *******
  • Posts: 8042
  • urbandictionary.com/define.php?term=pineapples
    • GAFFE: Government Awareness and Freedom Foundation for Everyone
Re: Are our passwords stored in plain text in the forum database?
« Reply #1 on: September 18, 2007, 12:26:02 PM »
Worry not, grasshopper.

If thou doth clicketh upon your PROFILE, then "Account Related Settings", look next to "ANSWER" and see the label that reads thusly:
"WHY IS THIS BLANK?", therein all wisdom shall be thrown upon thou.
« Last Edit: September 18, 2007, 12:28:11 PM by Darren Dirt »
Logged
DEEP: "Don't judge the world from it's people. Don't judge my hands from my gloves." -GS http://goo.gl/RaEEG http://goo.gl/j5IMn


"The secret to happiness is finding something you love and doing it well, and then being recognized for."
- George Carlin (http://bit.ly/aUchTX)

"Be so good they can't ignore you."
- Steve Martin (http://www.charlierose.com/view/interview/8831)
Pages: [1]   Go Up
« previous next »