This forum is no longer open and is for reading/searching only.
Please use our new MachForm Community Forum instead.
MachForm Community Forums » MachForm 3
Passwords stored as plain text?
Started 11 years ago by NiTRoN | 4 posts |
-
I was doing database audit and found something interesting. Account loin passwords are stores in plain text format inside database. Is it possible to encrypt the responses and just use MD5 or whatever mechanism to match them up when logging in?
Posted 11 years ago # -
In which table did you find that? The only passwords being stored by MachForm are located inside "ap_users" table and they are all encrypted already.
MachForm Founder
Posted 11 years ago # -
I did a similar audit and did not find the password in plain text. What table did you find that in? I am using the most updated v.3.4.
Posted 11 years ago # -
I would also be curious to know where in your database, if it is set up like the rest of ours, you are seeing plain text passwords.
The only real/actual plain text password is in config.php in your DB configuration information section but that file can't ordinarily be opened and viewed, since it will simply execute when opened in a browser.
Posted 11 years ago #
Reply
You must log in to post.