You are here

Cleartext password?!11

I was quite surprised to get my password sent in cleartext in the confirmation e-mail ... Is that really necessary? It seems to imply that the site stores the password in cleartext too, which is generally considered a Bad Thing.

Just wanted to point this out, I realize the GIMP Plugin Registry does not represent a "sensitive" site, but there are still risks of exploits that might be easier to avoid with improved password security.

Thanks for your efforts in providing the service!

The site does not store cleartext passwords. When it is generated, the cleartext is known and used for the e-mail, but afterwards, it is stored in an encrypted format.

Yes, sending it be e-mail is a security risk, but how else would you get it? It is recommended to change passwords after having received that e-mail.

Subscribe to Comments for "Cleartext password?!11"