[quote="Babarock"] ... After registration (both to the mailing-list and the forums on the website), I had a confirmation e-mail sent to me with my password written in full letters. ... Nevermind the fact that admins can now look freely at my password (which is a moral violation), any intruder could do the same! Do I have to worry about the safety of a system I am unfamiliar to, let alone the integrity of its administrators? ... It is common practice to encrypt passwords before storing them. It is time (we're in 2010) this community implemented it. ... [/quote]
Mailinglist software (mailman) commonly stores passwords unencrypted. Apparently so does phpbb. - Don't use real secret passwords on public forums and mailinglists. - In fact, don't share any sensitive information on public forums and mailinglists. So yes: it is quite common to store cleartext passwords and communicate them by email. You don't have to like it (I don't) but there you go. And no: there's nothing to worry about as long as you follow a couple of simple rules like the two I mentioned above. But you do have a point: OpenERP by default will store it's users' passwords cleartext, which indeed is not good! Thanks @hda for pointing out the base_crypt add-on. And there's also ldap of course. ------------------------ --- Paul Stevens paul at nfg.nl NFG NET FACILITIES GROUP --- -------------------- m2f -------------------- -- http://www.openobject.com/forum/viewtopic.php?p=51729#51729 -------------------- m2f -------------------- _______________________________________________ Tinyerp-users mailing list http://tiny.be/mailman2/listinfo/tinyerp-users
