PerlMonks  

Clear text passwords

by Juerd (Abbot)
on Jun 05, 2018 at 00:27 UTC ( [id://1215896]=monkdiscuss )

It's 2018 and this site still stores clear text passwords (truncated to 8 characters, apparently), sends those passwords via clear text email, and uses clear text HTTP by default.

There has already been a breach, almost a decade ago, where passwords got stolen (including mine), and TLS certificates have been free through Let's Encrypt for 2 years now. I find the continued use of clear text HTTP and passwords very irresponsible and wonder what's keeping the dear admins from implementing modern security measures.

Juerd

Replies are listed 'Best First'.
Re: Clear text passwords
by LanX (Saint) on Jun 05, 2018 at 01:07 UTC
    Please use an autogenerated password and log in via https://perlmonks.org/

    Since you haven't posted here for 5 years:

    If you use supersearch for https in "PerlMonks Discussion" you'll find a bunch of older discussions you might have missed:

    Click Search

    HTH! :)

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery

Re: Clear text passwords
by trippledubs (Deacon) on Jun 05, 2018 at 02:53 UTC

    oops I was wrong, sorry. :) Looks like your password is not sent via clear text either, I see encryption being used in the e-mail headers when I do password recovery. Even on old pw recovery e-mail.

      Kudos for following back up on that.

      In regards to security, many people have been desiring better of Perlmonks for a long time, but this is after all volunteer and there are reasonable workarounds for the SSL-desiring folk.

      At least here at PM, they aren't selling the data on you or the "friends" you speak to here like they are on Facebook (or Google, or 'insert name of monopoly sickness here'). I can't imagine what Your Mother would think if that were to happen if she got her info sold out just because I replied to one of your messages ;)

        Your Mother's friends are all sockpuppets... I should know, we are close.

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery

        Well it must have been working better yesterday. Today I am getting the pairsite cert. Pretty soon you're going to have to click through a skull and bones, 20 field captcha, pics of crying babies just to log in. The LE cert, perception wise, I think is better :)
