Hacker News new | ask | show | jobs
by Arnt 2768 days ago
No. I've implemented precisely that and it doesn't prove what you think.

What you do is have one single function create the user, pick a random password, set it in the database (which in my case uses a perfectly sensible hash) and send the user email. The cleartext password in the mail comes from the function's local string variable, not from the database.

Whether doing this is a good idea is another question. IMO it usually isn't. But this kind of mail does not prove cleartext access.
3 comments
onion2k 2768 days ago
How often do you purge your mailserver's logs (or if you use a mail API, how often do they purge their logs)? If it's "Never, I didn't think of that." then all your user's inital passwords are sitting there for the taking.

Of course, you may have a system that forces a password reset on login. That won't help the users who have never logged in. Those accounts are freely available to a hacker.

Plaintext passwords anywhere are a really bad idea.

link
Arnt 2768 days ago
You make it sound as if most mail servers log message contents. None of the servers I've used in the past 25 years did that (sendmail 5 on ultrix, later smail 3, then zmailer, then postfix).

The recipients' servers store the message with the password, of course, but they also store the other messages the same user has received from the same server, which in my case contain the same information as what could be accessed with the password. So the password offers very little additional value to an attacker, compared to just reading the mail.

link
imtringued 2768 days ago
What if the email with the plain text password is sent after a user pressed on the "I forgot my password button"? Because so far I only have encountered this type of email where the password is sent in plain text.
link
heavenlyblue 2768 days ago
>> No. I've implemented precisely that and it doesn't prove what you think.

Well, the way I read the parent is that you can request a previously set password to be sent to your e-mail.

link
Arnt 2768 days ago
GP said … "sends you a welcome email with your password in plain text" … which seems clear enough.
link