[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dolibarr-dev] Forum send plaintext password on mail confirmation

From: Jean Traullé
Subject: Re: [Dolibarr-dev] Forum send plaintext password on mail confirmation
Date: Tue, 03 Sep 2019 18:01:13 +0000

Hello Km,

Thanks for reporting this.

The passwords are not stored in plaintext in the database but are salted and 
hashed before being stored.
An email is however sent with the plain text password before being salted and 
hashed to be stored in the database.

I agree with you that this is considered bad practice to send emails with 
plaintext passwords (as email should be considered an insecure media).

We are in the process of transitioning to a new forum software (starting with 
the French community forum).
My research for Discourse can be read at

Please, note that others users are considering others forum software.

But this should be fixed with that transition.


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday 3 September 2019 18:35, address@hidden <address@hidden> wrote:

> Hello
> As I don't know where post this trouble, I prefer use old solution and
> post a mail :)
> I've reopened an account on On confirmation mail
> I've seen my account and my plaintext password.
> I see two troubles :
> -   Password plaintext looks stored on dolibarr server
> -   A mail is sent with a plaintext password.
>     Is is possible to solve this situation. Looks critical to store and
>     send plaintext password.
>     Thanks a lot
>     Km
> Dolibarr-dev mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]