in reply to RFC: Add profile field "emergency contact" or such like as

...our policies explicitly state this this email address "is used only to send you your password".

This policy needs to change posthaste--yesterday, if not sooner!

I would rather know that my password is not stored anywhere in plain text, and that it could only be reset, not resent!

I do NOT want my password sent to me...ever! Whomever has set the system up this way should be rather ashamed. This is exactly why a few years ago the site had a major issue with a hacking event that compromised everyone's passwords. It sounds, by this "policy" talk, as if no lesson was learned at all!

I'm a simple monk, with inferior coding skills by comparison with most here--yet even I do not store anyone's password in plain text on my servers. Tools like crypt are super easy to use, and waaaaaay more secure than plain text!

Blessings,

~Polyglot~

Replies are listed 'Best First'.
Re^2: RFC: Add profile field "emergency contact" or such like as
by jdporter (Paladin) on Nov 29, 2023 at 14:37 UTC
    Whomever has set the system up this way should be rather ashamed.

    That would be vroom. Or possibly even CmdrTaco.

    The problem is, it is not easy to change. It is very far from trivial to change. Everything about this system is hard to change. But we've had this conversation many, many times already. No point in going around it yet again.

    Today's latest and greatest software contains tomorrow's zero day exploits.
[reply]
      Perhaps I'm oblivious to what has gone round the rugged rock so many times as you say, but usually the hardest things to change are those that buck the social current or that simply have to pass a large committee. If so many of us (virtually unanimous I would hope) agree that this change would be a positive thing, why then is it difficult? If the platform is at all based on Perl, it should be cinch, right?

      I don't mean to cause everyone to rehash old stuff, but if there's a link to catch me up to speed on the past conversation, I'd take a look at it.

      Blessings,

      ~Polyglot~

[reply]
        usually the hardest things to change are those that buck the social current or that simply have to pass a large committee.

        Without disputing your premise, I can assure you that's not the case here. I or any of the gods can (and do) often make changes to the site's code without even consulting each other, let alone the wider membership.

        If so many of us (virtually unanimous I would hope) agree that this change would be a positive thing, why then is it difficult?

        lolwhat? If an idea is popular, it must be easy to implement? Are you not a programmer?

        If the platform is at all based on Perl, it should be cinch, right?

        lolwhat

        Today's latest and greatest software contains tomorrow's zero day exploits.
[reply]

        I have added you to the pmdev group. You are now able to view all the site code and submit patches. Thank you for volunteering. I look forward to your fixes.

[reply]
Re^2: RFC: Add profile field "emergency contact" or such like as
by Anonymous Monk on Nov 29, 2023 at 16:19 UTC
    Don't feed the trolls!
[reply]

In Section Perl Monks Discussion