I did some PHP for a client forum. Account resets sent passwords in plaintext through emails. I notified him that it is a bad practice and very insecure. I proposed solutions but he categorically refused and did not see anything wrong with doing that.
I still sometimes receive a plain text password in email when I click forgot password. Then I start hating people there. Ok, you store the passwords probably in clear text. At least don't send it back into the wild.
Oh you mean passwords that are already set on the account. Yeah, that's a big no-no.