Hi there,
I'm wondering about the security features with registered users and editors.
In the admin when looking at the User database, passwords are visibly (not encrypted) along with usernames. This sort of defeats the purpose of having them doesn't it? I know people watch unencrypted browser transactions, what's to prevent them from getting a hold of all the usernames and passwords if admin is not running under SSL?
Has anyone encrypted the passwords in the database?
Also, has anyone come up with a "forgot your password?" To allow users to find out their passwords?
Peace.
Kyle
I'm wondering about the security features with registered users and editors.
In the admin when looking at the User database, passwords are visibly (not encrypted) along with usernames. This sort of defeats the purpose of having them doesn't it? I know people watch unencrypted browser transactions, what's to prevent them from getting a hold of all the usernames and passwords if admin is not running under SSL?
Has anyone encrypted the passwords in the database?
Also, has anyone come up with a "forgot your password?" To allow users to find out their passwords?
Peace.
Kyle