|
|
|
|
|
|
by elliottcarlson
877 days ago
|
|
|
Obviously, the answer is never (unless it's for _very_ specific testing in a dev only environment). In this case, it's not that they were sending the password directly for any reason, but instead returning the raw SMTP log from sending the email; which as a byproduct had the password in it due to needing to authenticate with the SMTP server. |
|
|