Re: Forum send plaintext password on mail confirmation
Thanks for reporting this.
The passwords are not stored in plaintext in the database but are salted and hashed before being stored.
An email is, however, sent with the plaintext password before it is salted and hashed to be stored in the database.
I agree with you that it is considered bad practice to send emails with plaintext passwords (as email should be considered an insecure medium).
> As I don't know where to post this trouble, I prefer to use the old solution and
> post a mail :)
> I've reopened an account on dolibarr.org/forum. In the confirmation mail
> I've seen my account and my plaintext password.
> I see two troubles:
> - The plaintext password looks stored on the dolibarr server
> - A mail is sent with a plaintext password.
> Is it possible to solve this situation? It looks critical to store and
> send a plaintext password.
> Thanks a lot
> Dolibarr-dev mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
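
A registration flow in which the confirmation mail carries a single-use token instead of the password, as an added example that is not code from the forum software or from the Dolibarr project. The PBKDF2 parameters, the `forum.example.invalid` URL, the in-memory `db` dict and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def register(db, username, email, password):
    """Store the salted hash and build a confirmation mail without the password."""
    salt, digest = hash_password(password)
    token = secrets.token_urlsafe(32)  # random, unrelated to the password
    db[username] = {
        "email": email, "salt": salt, "digest": digest, "confirmed": False,
        # Keep only a hash of the token, so a database leak cannot confirm accounts.
        "token_sha256": hashlib.sha256(token.encode()).digest(),
    }
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Confirm your forum account"
    # The body names the account and the link only; the password is never mailed.
    msg.set_content(
        f"Hello {username},\n\nConfirm your account:\n"
        f"https://forum.example.invalid/confirm?user={username}&token={token}\n"
    )
    return msg

def confirm(db, username, token):
    """Accept the mailed token once, then invalidate it."""
    user = db.get(username)
    if user is None or user["token_sha256"] is None:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, user["token_sha256"]):
        return False
    user["confirmed"], user["token_sha256"] = True, None
    return True
```
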