Hey All... So, I was lookin' through one of my Roller installs last night, 'cuz I was having some trouble... But in the process I was taking a gander through the database.
Then, in the immortal words of Keanu Reeves, I said "Whoa!" Was that my password I spied, in plain text!?! Say it ain't so!!!

Did I have something mis-configured? I'm not sure, I'd have to check my other Roller instance...

Is this by design? If it is, shouldn't we put a caution on the "register" page encouraging people to have passwords different than what they would normally use in a "high security" situation? (Even if that is implicitly understood by tech-advanced people, the explicit reminder to the less-techy or less careful wouldn't be wasted...)

If this *is* an oversight, I'll put an entry into JIRA. (I'd also suggest we look at putting in some sort of preference for the login page to be over HTTPS, then fall to HTTP when HTTPS is not available...)

I may be able to help work on the issue in the next coming weeks as well, but I can guarantee, 'cuz I'm getting ready to move...

Thanks all!
- Nelz
