| Subject: | Passwords are stored in the DB as... |
| Summary: | Package rating comment |
| Messages: | 1 |
| Author: | Bjorn V |
| Date: | 2011-01-28 15:28:32 |
Bjorn V rated this package as follows:
| Utility: | Insufficient |
| Consistency: | Bad |
| Documentation: | Sufficient |
| Examples: | Sufficient |
 Bjorn V - 2011-01-28 15:28:34
Passwords are stored in the DB as "plain text"; that's a very big "no-no". Passwords should be at least stored as MD5() (varchar(32)) or SHA1 (varchar(40))... Furthermore, I would like to see that you can "activate" or maybe even de-activate people, add or remove people to and from (multiple) usergroups... So it's very basic, it offers people an insight. But it's not a very "safe" script. It's VERY vulnerable to XSS and SQL injection(!), not to mention that the variables should be outside the quotes. It's a nice attempt to create a login class using AJAX, but it lacks security...