Saturday, May 1, 2010

Did you delete your blogcatalog registration email?

I'm so surprised by the blogcatalog registration email: it clearly shows your password.


There are two possible algorithms; this is my dirty analysis:

  1. Registration form -> Send email with user name + plain text password -> Save user name + encoded password in the database.
  2. Registration form -> Send email with user name + plain text password -> Save user name + plain text password in the database.
I hope they're using the second method. Anyway, it's not safe to send a plain text password in an email body. Imagine someone is sniffing your network or, worse, someone has hacked your email account: the hacker will find your blogcatalog password easily. To make it a bit more secure, all you need to do is delete it now, yes! Also from the trash.
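A safer registration flow than the two listed above, as an added example that is not from the original post or from blogcatalog: the database gets only a salt and a PBKDF2 hash, and the welcome email carries no password. The function names, the in-memory `USERS` store and the example.com addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from email.message import EmailMessage

USERS = {}  # constructed in-memory "database": user name -> (salt, hash)

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash, so a stolen table is costly to reverse.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)

def welcome_email(username: str, address: str, body: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"  # placeholder sender
    msg["To"] = address
    msg["Subject"] = "Your registration"
    msg.set_content(body)
    return msg

def register_weak(username: str, password: str, address: str) -> EmailMessage:
    # The flow the post describes: the password is echoed back in the mail body.
    # (The database side is left out here; only the mail is being compared.)
    return welcome_email(username, address,
                         f"User name: {username}\nPassword: {password}\n")

def register(username: str, password: str, address: str) -> EmailMessage:
    # Hardened flow: keep only salt + hash, and mail nothing secret.
    salt = os.urandom(16)
    USERS[username] = (salt, hash_password(password, salt))
    return welcome_email(username, address,
                         f"Hi {username}, your account is ready. Log in with "
                         "the password you chose during registration.\n")

def check_login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(stored, hash_password(password, salt))

def leaks_password(msg: EmailMessage, password: str) -> bool:
    # True if the password appears anywhere in the raw message.
    return password in msg.as_string()

if __name__ == "__main__":
    pw = "s3cret-Pa55"  # constructed sample password
    print("weak mail leaks:", leaks_password(register_weak("alice", pw, "alice@example.com"), pw))
    print("hardened mail leaks:", leaks_password(register("alice", pw, "alice@example.com"), pw))
```

With this flow there is nothing in the mailbox to delete, and a forgotten password is handled with a reset link instead of a copy of the old one.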

