http://qs1969.pair.com?node_id=1215172


in reply to Monastery login over http

What's even scarier is that at one point, your perlmonks password was stored in cleartext in the database (not hashed), and there was a breach (this was like a decade ago).

-- Randal L. Schwartz, Perl hacker

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Re^2: Monastery login over http
by LanX (Saint) on May 24, 2018 at 21:18 UTC
    > at one point, your perlmonks password was stored in cleartext in the database

    AFAIK this is still the case, try to get a hashed password mailed to you.

    update
    still the case...
    Hey there.
    You or someone else has requested a password for your username or e-mail address. Before you freak out, take a few deep breaths and remember that it's YOU and not THEM who is getting this password.

    Here's your info:

    username: merlyn passwd: LanXRulez human name: Randal L. Schwartz

    love, the management http://perlmonks.org/

    Cheers Rolf
    (addicted to the Perl Programming Language and ☆☆☆☆ :)
    Wikisyntax for the Monastery

Re^2: Monastery login over http
by Your Mother (Archbishop) on May 25, 2018 at 03:16 UTC

    Doesn't scare me in the slightest and never did. The site doesn't have my social security or any banking or credit or non-public personal info or keychain access or certs to anywhere and does not represent any security threat at all unless I use the same credentials and password elsewhere. I've done a lot of stupid things in my day but not that one. Though I was able to skate on a five letter dictionary word as my amazon.com password for a few years… :P

      The best strategy here is a generated cryptic password.

      I don't need it to be easily remembered as long as I can get it mailed.

      Cheers Rolf
      (addicted to the Perl Programming Language and ☆☆☆☆ :)
      Wikisyntax for the Monastery

        I started using GUIDs (with a very minor transform) as my default password at new sites a couple years ago.

Re^2: Monastery login over http
by afoken (Chancellor) on May 25, 2018 at 09:02 UTC
    > there was a breach

    What happened?

    > your perlmonks password was stored in cleartext in the database (not hashed)

    And it still is, almost 9 years later. Anger Management

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)