3 messages in com.mysql.lists.eventum-users: Re: Plaintext Passwords

| From | Sent On | Attachments |
|---|---|---|
| Jonathan Marcus | 14 Jul 2008 09:16 | |
| Bryan Alsdorf | 15 Jul 2008 10:02 | |
| Jorey Bump | 15 Jul 2008 11:32 | |

| Subject: | Re: Plaintext Passwords |
|---|---|
| From: | Bryan Alsdorf (bry...@mysql.com) |
| Date: | 07/15/2008 10:02:23 AM |
| List: | com.mysql.lists.eventum-users |
Hi Jonathan,
Jonathan Marcus wrote:
> Hi,
> I just installed Eventum, and I noticed a rather significant security problem.
> When a user changes their password, they receive an email with their password in plaintext. While there are reasonable arguments for and against doing this, I cannot understand why these emails would be logged in the database. I was able to look in the "mail_queue" table and see everyone's passwords.
> People's passwords are encrypted in the "user" table, but this does no good when someone can just look in the log and see every password.
> Please let me know if there is any fix that will disable the emailing of passwords in plaintext. If there is, I recommend that it becomes the default option.
The email with the new password is only sent when an admin changes the password. This is so the end user will know their password. They should click "account preferences" and change the password as soon as they login. There will be no email generated for that change.
I do agree that it is suboptimal to keep those emails around once they have been processed, but they do need to exist in plaintext at some point. I see two items to improve this:
1) Add a "don't send notification" checkbox to user administration.
2) Add a flag to the mail queue to cause those emails to be deleted once they are sent.
I will put this on our TODO for the future.
Best Regards,
-- Bryan Alsdorf, MySQL Support Manager, Systems MySQL @ Sun Microsystems, Inc., http://www.sun.com/mysql/
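The second item in the reply (a mail-queue flag that removes a message once it has been sent) as an added example, not Eventum's own code; the `mail_queue` table shape, the `purge_after_send` column and the sample messages are constructed for illustration and are not the project's real schema:

```python
import sqlite3

# Constructed stand-in for the "mail_queue" table discussed in the thread.
# Column names are assumptions for this example, not Eventum's real schema.
SCHEMA = """
CREATE TABLE mail_queue (
    id INTEGER PRIMARY KEY,
    recipient TEXT NOT NULL,
    subject TEXT NOT NULL,
    body TEXT NOT NULL,
    purge_after_send INTEGER NOT NULL DEFAULT 0,
    status TEXT NOT NULL DEFAULT 'pending'
)
"""

def open_queue():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def enqueue(conn, recipient, subject, body, purge_after_send=False):
    # A password notification is queued with the purge flag set; ordinary
    # issue notifications keep the default and stay in the queue as a log.
    conn.execute(
        "INSERT INTO mail_queue (recipient, subject, body, purge_after_send) "
        "VALUES (?, ?, ?, ?)",
        (recipient, subject, body, int(purge_after_send)),
    )
    conn.commit()

def deliver(recipient, subject, body):
    """Stand-in for the real mail transport; always succeeds in this example."""
    return True

def process_queue(conn):
    """Send pending rows; flagged rows are deleted after a successful send,
    so the plaintext body only lives in the table until delivery."""
    rows = conn.execute("SELECT id, recipient, subject, body, purge_after_send "
                        "FROM mail_queue WHERE status = 'pending'").fetchall()
    sent = 0
    for mid, recipient, subject, body, purge in rows:
        if not deliver(recipient, subject, body):
            continue  # keep it pending for a retry; nothing is purged yet
        if purge:
            conn.execute("DELETE FROM mail_queue WHERE id = ?", (mid,))
        else:
            conn.execute("UPDATE mail_queue SET status = 'sent' WHERE id = ?", (mid,))
        sent += 1
    conn.commit()
    return sent

def retained_bodies(conn):
    """Audit helper: every message body still stored in the queue table."""
    return [row[0] for row in conn.execute("SELECT body FROM mail_queue ORDER BY id")]
```

Running `retained_bodies` after `process_queue` is the check an administrator would want: the routine notification is still logged, while the password email is gone.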