| Author |
Message |
NopeNopeNopetyNope
Hello I'm New here!
Joined: 15 Aug 2015
Posts: 1
|
 Posted:
Sat Aug 15, 2015 4:07 am |
  |
So I just did the registration step after lurking for a while. Please explain this.
| Quote: |
Welcome to forum.419eater.com Forums
Please keep this email for your records. Your account information is as follows:
----------------------------
Username: NopeNopeNopetyNope
Password: [my actual password...WTF?]
----------------------------
Your account is currently inactive. You cannot use it until you visit the following link:
link
Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.
|
|
|
|
|
|
|
Father Moleman
*** BANNED ***
Joined: 24 Dec 2014
Posts: 1929
Location: Somewhere far away
|
| Posted:
Sat Aug 15, 2015 5:13 am |
|
An automated script probably pulls if from the membership database on the server, the script will be able to unencrypt the password and insert it the password field on the email like a mail merge but no human accessing the database will, there's no security issue honestly unless you are giving out your email account password publicily. |
|
|
|
|
|
B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13579
Location: In self-isolation practicing social distancing
|
| Posted:
Sat Aug 15, 2015 6:42 am |
|
Or, the script for the welcome mail knows the password because it was passed straight to it unencrypted as you've just signed up, but once it is in the database it is unencryptable, sou can't be retrieved if you forget it. |
_________________
"I DENOUNCE THE MUFFIN MEN" - Ma Kim
"YOU ARE WALKING DEAD MAN. YOUR WOODEN COFFIN IS READY TO SWALLOW YOU AND YOUR DIRTY GENERATION"
"all chaps are ass-less by design otherwise they just be leather pants" - jose_cuervo
 x 5     
                                   x 335   🚽
 x 4  x 1746  x 1904 - Fake cheques: $4,392,620.83
Team Woody - Ghana to Singapore - 11535km |
|
|
|
|
Joker
*** BANNED ***
Joined: 26 Jul 2012
Posts: 1116
|
| Posted:
Sat Aug 15, 2015 9:10 am |
|
^ What b8er said, sign up runs to php "mail()" function with unencrypted password (password is not stored in anything), email sends, password from there is encrypted in the SQL database. Anyone want to give me their MD5 hash though?  |
_________________
All warfare is based on deception - Sun Tzu, The Art of War
لئيم كافر |
|
|
|
|
rev.dover
Wannabe Baiter
Joined: 12 Mar 2014
Posts: 91
|
| Posted:
Tue Aug 18, 2015 3:05 am |
|
Despite the fact that the password may be stored encrypted on whatever server 419eater.com uses what happens if your email gets hacked you forgot to delete the welcome to 419eater email? The hacker will have your password. |
_________________
|
|
|
|
|
irishemigrant
** REMEMBERED **
Joined: 22 Jul 2007
Posts: 4933
Location: 40*45' S 172* 34'E
|
| Posted:
Tue Aug 18, 2015 5:01 am |
|
^^ At some stage you have to stop holding everyones hand for them when they cross the road. |
_________________
SeniorNet NZ Local Branch ongoing workshops about internet scams
http://www.scamwarners.com/ For when you want to remember why we bait
Goodbye Mike (Paranoid) Friend, confidant, partner. Till we meet again.
Personal Message From The Axeman
  <-- Because you have earned them.     x8 a few x 13 |
|
|
|
|
|
|
SmartFeed
