Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

stu42j (6348)

  (email not shown publicly)

Journal of stu42j (6348)

Friday April 13, 2007
01:25 PM - Security?

[ #32986 ]

I just signed up on to use for a personal blog. I picked Vox because my impression was that it is MySpace done right. Six Apart+Danga have been around for a while, they know what they are doing. Plus they like Perl (and some Perl folks seem to like them).

So, after I sign up, I get a welcome email with my password, the one that I entered (not a random system generated thing), right there in the plain text of the email. WTF?

Ok, so it is just a blog, not a bank or something but sheesh! Mailman does the same thing but at least it warns you about it.

Am I overreacting or should I look elsewhere for my personal blogging needs?

Update: I also used tried the "forgot password" function and it again emailed my password in plain text. This means that they are either storing the passwords with two-way encryption (unlikely) or simply plain text. This is bad on top of bad. Storing passwords as a salted hash is not hard and pretty much standard best-practice security!

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Ask them why that is and if you don't like the answer...bail.
  • I signed up for a company so I could get job listings for that particular company. I typed in my desired password and it refreshed the page and right there for the world to see was my plain text password.