This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 3

Passwords stored as plain text?

Started 11 years ago by NiTRoN | 4 posts |


  1. NiTRoN
    Member

    I was doing database audit and found something interesting. Account loin passwords are stores in plain text format inside database. Is it possible to encrypt the responses and just use MD5 or whatever mechanism to match them up when logging in?

    Posted 11 years ago #

  2. yuniar

    In which table did you find that? The only passwords being stored by MachForm are located inside "ap_users" table and they are all encrypted already.

    MachForm Founder

    Posted 11 years ago #

  3. csamuel69
    Member

    I did a similar audit and did not find the password in plain text. What table did you find that in? I am using the most updated v.3.4.

    Posted 11 years ago #

  4. AMurray
    Pro Member

    I would also be curious to know where in your database, if it is set up like the rest of ours, you are seeing plain text passwords.

    The only real/actual plain text password is in config.php in your DB configuration information section but that file can't ordinarily be opened and viewed, since it will simply execute when opened in a browser.

    Posted 11 years ago #

RSS feed for this topic

Reply