MrDeepFakes Forums


Please store our passwords more securely!

Zenkai

DF Vagrant
When I signed up for this website, I was emailed an activation link. That email also contained my username and password in cleartext. 

You should not be able to send me my password in cleartext if you were securely storing my password (i.e. hashed and salted). This means you are storing our passwords in cleartext and we are just waiting for a disaster to happen.

Can you please improve your password security?
 

dpfks

DF Enthusiast
Staff member
Administrator
Verified Video Creator
Passwords are hashed and salted in database.

Just because passwords are emailed in plain text for you to use, does not mean they're stored in plain text. You can manually change your email to skip the emailing of password part (again passwords are hashed in database). Regardless, extra security will be added once the new site is released for those who are paranoid.
 

[deleted]

DF Vagrant
Zenkai said:
When I signed up for this website, I was emailed an activation link. That email also contained my username and password in cleartext. 

You should not be able to send me my password in cleartext if you were securely storing my password (i.e. hashed and salted). This means you are storing our passwords in cleartext and we are just waiting for a disaster to happen.

Can you please improve your password security?

dude it's a porn tube site. You don't even NEED to register.
 

Zenkai

DF Vagrant
Can we please assume good intentions? I'm not here to shit on your parade, I'm trying to bring a security issue to your attention. 

dpfks said:
Just because passwords are emailed in plain text for you to use, does not mean they're stored in plain text.
It means you are either storing them in plain text or using reversible encryption. Both are Bad Ideas (tm)

dpfks said:
for those who are paranoid.
Look, this isn't 1997 anymore. I'm not paranoid. You're naive.

GhostTears said:
dude it's a porn tube site. You don't even NEED to register.
You don't know what I'm here for. I'm not sure what you're contributing to this conversation.
 

dpfks

DF Enthusiast
Staff member
Administrator
Verified Video Creator
Zenkai said:
Can we please assume good intentions? I'm not here to shit on your parade, I'm trying to bring a security issue to your attention. 

dpfks said:
Just because passwords are emailed in plain text for you to use, does not mean they're stored in plain text.
It means you are either storing them in plain text or using reversible encryption. Both are Bad Ideas (tm)

dpfks said:
for those who are paranoid.
Look, this isn't 1997 anymore. I'm not paranoid. You're naive.

GhostTears said:
dude it's a porn tube site. You don't even NEED to register.
You don't know what I'm here for. I'm not sure what you're contributing to this conversation.

I agree that emailing the password initially is bad practice. This is a poor design by the script we're using. Also, all front-end registrations are inputted as clear text initially.

Again, we are heavily revamping the site in the upcoming weeks. This issue will be resolved.

To emphasize, passwords are NOT stored in clear text. If you lose your password we cannot recover it, that is why people need to use the reset feature to obtain a new one.
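
Added example, not part of the thread and not the forum script's own code: a registration flow that stores only a salted hash and sends an activation e-mail containing a one-time token instead of the password. The function names, the in-memory `USERS` table, the `forum.example` URL and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this sketch
USERS = {}                   # hypothetical stand-in for the users table

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def register(username, password, email):
    """Store salt + derived key only; return the activation e-mail body."""
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    USERS[username] = {
        "email": email,
        "salt": salt,
        "pw_hash": _derive(password, salt),
        # Only a hash of the token is kept, so a database leak cannot activate accounts.
        "activation_hash": hashlib.sha256(token.encode()).digest(),
        "active": False,
    }
    # The plaintext password is in scope here because the form just submitted it,
    # which is how a script can e-mail it even when storage is hashed.
    # The body below deliberately leaves it out.
    return (f"Hi {username}, activate your account: "
            f"https://forum.example/activate?u={username}&t={token}")

def activate(username, token):
    """Single-use activation: succeeds once, for the matching token only."""
    user = USERS.get(username)
    if user is None or user["active"]:
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(supplied, user["activation_hash"]):
        return False
    user["active"], user["activation_hash"] = True, None
    return True

def verify_login(username, password):
    """Re-derive with the stored salt and compare in constant time."""
    user = USERS.get(username)
    if user is None or not user["active"]:
        return False
    return hmac.compare_digest(_derive(password, user["salt"]), user["pw_hash"])
```

Nothing in `USERS` can be turned back into the password, so a forgotten password has to go through a reset, as the last post describes.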
 