# Passwords Sent in Confirmation Emails


I have been pointed to the fact that passwords have been transmitted to the user in plaintext in confirmation emails after login. Although I have seen this procedure on many other sites, this could be dangerous. Therefore I have changed the code so that only a "*********" text is transmitted in this case.

Note that credentials sent to a user after a reset of his account by a SuperAdministrator contain a temporary password. This password should immediately be changed after the first login in "Edit Profile" at the top of the page.

By the way: Passwords are hashed using SHA1 and then salted by a random number before they are stored in the database. It is impossible to reconstruct the password from this hash.
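An added example, not the site's own code, sketching the flow this post describes: the confirmation mail carries only the mask, the database holds only a salt and a digest, and an administrator reset issues a temporary password. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of the single SHA1 pass mentioned above. The function names, the in-memory `db`, the iteration count, the mail wording and the `must_change` flag are assumptions.

```python
import hashlib
import hmac
import secrets

MASK = "*********"      # text sent in place of the password, as in the post
ITERATIONS = 100_000    # assumed work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each new password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def register(db, name, password):
    """Store only salt and digest; the confirmation mail never contains the password."""
    salt, digest = hash_password(password)
    db[name] = {"salt": salt, "digest": digest, "must_change": False}
    return f"Welcome {name}!\nUsername: {name}\nPassword: {MASK}\n"

def admin_reset(db, name):
    """Issue a random temporary password and flag the account (flag is an assumption)."""
    temp = secrets.token_urlsafe(12)
    salt, digest = hash_password(temp)
    db[name].update(salt=salt, digest=digest, must_change=True)
    body = f"Your account was reset.\nTemporary password: {temp}\nChange it in Edit Profile.\n"
    return temp, body

def change_password(db, name, old, new):
    """Replace the password after checking the old one, then clear the flag."""
    rec = db[name]
    if not verify_password(old, rec["salt"], rec["digest"]):
        return False
    rec["salt"], rec["digest"] = hash_password(new)
    rec["must_change"] = False
    return True

if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for the user table
    print(register(users, "alice", "constructed-sample-pw"))
    temp_pw, mail = admin_reset(users, "alice")
    print(mail, change_password(users, "alice", temp_pw, "another-constructed-pw"))
```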
