|
|
|
|
|
|
by yashchandra
5097 days ago
|
|
|
"They could still have the plaintext password in memory during the registration process" This is even worse IMO. so they are sending me a cleartext password that may or may not have been stored in db yet ? what if the db write process aborts while the user still gets the email ? bad bad bad |
|
|