Login   Register  
PHP Classes
elePHPant
Icontem

Passwords are stored in the DB as "plain text" that's a very ...

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      AJAX Login Module  >  All threads  >  Passwords are stored in the DB as "plain text" that's a very ...  >  (Un) Subscribe thread alerts  
Subject:Passwords are stored in the DB as "plain text" that's a very ...
Summary:Package rating comment
Messages:1
Author:Bjorn V
Date:2011-01-28 15:28:32
 

Bjorn V rated this package as follows:

Utility: Insufficient
Consistency: Bad
Documentation: Sufficient
Examples: Sufficient

  1. Passwords are stored in the DB as "plain text" that's a very ...   Reply  
Picture of Bjorn V
Bjorn V
2011-01-28 15:28:34
Passwords are stored in the DB as "plain text" that's a very big "no-no". Passwords should be at least stored as MD5() (varchar(32)) or Sha1 (varchar(40))... Furthermore, I would like to see that you can "activate" or maybe even de-activate people, add or remove people to and from (multiple) usergroups... So it's very basic, it offers people an insight. But it's not a very "safe" script. It's VERY vulnerable to XSS and SQL injection(!), not to mention that the variables should be outside the quotes. It's a nice attempt to create a login class using AJAX, but it lacks security...