Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Password in clear
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Password in clear [message #167256] Sat, 26 May 2012 01:39 Go to next message
WhiteTiger is currently offline  WhiteTiger   
Messages: 40
Registered: April 2012
Karma: 0
add to buddy list
ignore all messages by this user
In the log I found this message.
Where there is << >> there was the real data.
What is wrong is that the password is in clear.
We can not leave the real data in a log file.

1062: Duplicate entry '<<user email>>' for key 'fudfci_users_i_e'
Query: INSERT INTO fudfci_users ( login, alias, passwd, salt, name, email, avatar, avatar_loc, icq, aim, yahoo, msnm, jabber, affero, google, skype, twitter, posts_ppg, time_zone, birthday, last_visit, conf_key, user_image, join_date, location, theme, occupation, interests, referer_id, last_read, sig, home_page, bio, users_opt, reg_ip, topics_per_page, flag_cc, flag_country, custom_fields ) VALUES ( '<<username>>', '<<username>>', '2baabec49de1918a0eca26970f993e3b775a4d4a', 'd2f2d54df', '<< Full Name>>', '<<user email>>', 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 40, 'Europe/Rome', NULL, 1337767715, '79a503103fd21985a95b66ecebd44cac', NULL, 1337767715, NULL, 1, NULL, NULL, 0, 1337767715, NULL, NULL, NULL, 4357110, 1326988097, 40, NULL, NULL, '' )
_POST: array ( 'SQ' => '9a092b5081504be38981a16e88d3a835', 'login' => '<<username>>', 'passwd' => '<<password>>', 'email' => '<<user email>>', 'name' => '<<Full Name>>', 'usr_add' => 'Add User', )

[Updated on: Sat, 26 May 2012 01:40]

Report message to a moderator

Re: Password in clear [message #167271 is a reply to message #167256] Sun, 27 May 2012 04:44 Go to previous message
naudefj is currently offline  naudefj   South Africa
Messages: 3624
Registered: December 2004
Karma: 17
Senior Member
Core Developer
remove from buddy list
ignore all messages by this user
This shows that FUDforum received the password in clear text, and encrypted it before attempting to insert it into the database. The _POST array (with whatever the user typed) is included for debugging purposes. Only forum administrators can look at these log entries.
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Disabling web site entry in user profiles
Next Topic: Member Postings
Goto Forum:

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Oct 21 08:18:20 EDT 2017

Total time taken to generate the page: 0.00597 seconds