Encrypt or at least hash passwords

Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic

   We are currently using V5 and have not upgraded to 2011 XX version yet so maybe this has changed but if not then we are requesting that passwords in the "User" table be encrypted or hashed so they are not that easily viewable.

Thanks

Author	Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic
matrixIII Members Profile Send Private Message Find Members Posts Add to Buddy List Professional Joined: 21 Jul 2008 Posts: 68	Post Options Post Reply Quote matrixIII Report Post Quote Reply Topic: Encrypt or at least hash passwords Posted: 21 Jul 2011 at 5:36pm
	We are currently using V5 and have not upgraded to 2011 XX version yet so maybe this has changed but if not then we are requesting that passwords in the "User" table be encrypted or hashed so they are not that easily viewable. Thanks

Stephen Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Admin Group Joined: 21 Oct 2005 Location: Stoke on Trent Posts: 1392	Post Options Post Reply Quote Stephen Report Post Quote Reply Posted: 04 Aug 2011 at 5:26pm
	Hi, Its not possible for WhosOn Client users to access other users passwords via the client. Only an admin on the server would have access. We can provide an option to encrypt the passwords in the meta data DB also. Some admins would want to view the passwords in clear text for instances where client users forget their passwords. Many Thanks Steve

matrixIII Members Profile Send Private Message Find Members Posts Add to Buddy List Professional Joined: 21 Jul 2008 Posts: 68	Post Options Post Reply Quote matrixIII Report Post Quote Reply Posted: 11 Aug 2011 at 6:15am
	That is not good security at all. I know clients users can't access other users passwords. Admins should not be able to see the real password even in the actual DB. If they want the ability to view all the real passwords for their client users then they should not be admins. They should have the ability to only reset it to a new one where clients users forget their passwords. Remember what happened to the Play Station Network where the passwords were stored in plain text? I would't feel too good if my Network Admin can see everybody's domain password. I may use that password for my personal email or other stuff. Thanks