FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Password in clear
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Password in clear [message #167256] Sat, 26 May 2012 05:39 Go to next message
WhiteTiger is currently offline  WhiteTiger   
Messages: 40
Registered: April 2012
Karma: 0
Member
In the log I found this message.
Where there is << >> there was the real data.
What is wrong is that the password is in clear.
We can not leave the real data in a log file.

1062: Duplicate entry '<<user email>>' for key 'fudfci_users_i_e'
Query: INSERT INTO fudfci_users ( login, alias, passwd, salt, name, email, avatar, avatar_loc, icq, aim, yahoo, msnm, jabber, affero, google, skype, twitter, posts_ppg, time_zone, birthday, last_visit, conf_key, user_image, join_date, location, theme, occupation, interests, referer_id, last_read, sig, home_page, bio, users_opt, reg_ip, topics_per_page, flag_cc, flag_country, custom_fields ) VALUES ( '<<username>>', '<<username>>', '2baabec49de1918a0eca26970f993e3b775a4d4a', 'd2f2d54df', '<< Full Name>>', '<<user email>>', 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 40, 'Europe/Rome', NULL, 1337767715, '79a503103fd21985a95b66ecebd44cac', NULL, 1337767715, NULL, 1, NULL, NULL, 0, 1337767715, NULL, NULL, NULL, 4357110, 1326988097, 40, NULL, NULL, '' )
_POST: array ( 'SQ' => '9a092b5081504be38981a16e88d3a835', 'login' => '<<username>>', 'passwd' => '<<password>>', 'email' => '<<user email>>', 'name' => '<<Full Name>>', 'usr_add' => 'Add User', )



[Updated on: Sat, 26 May 2012 05:40]

Report message to a moderator

Re: Password in clear [message #167271 is a reply to message #167256] Sun, 27 May 2012 08:44 Go to previous message
naudefj is currently offline  naudefj   South Africa
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
This shows that FUDforum received the password in clear text, and encrypted it before attempting to insert it into the database. The _POST array (with whatever the user typed) is included for debugging purposes. Only forum administrators can look at these log entries.
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Disabling web site entry in user profiles
Next Topic: Member Postings
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 00:03:47 GMT 2024

Total time taken to generate the page: 0.02112 seconds