Two quick questions:

1) Are you storing passwords in plain-text in your database? When I signed up you sent me an activation email containing my password!

2) How do I change my password?

Thanks, - Andrew Davey

E774874a8acc65cc0f0bb1e77b4def5b?&s=42&rating=pg&d=http%3a%2f%2fopenhub.net%2fanon80
andrewdavey almost 9 years ago
 

Hi Andrew,

We store the passwords in a salted hash in our DB - not plain text. The mailing you received contained the password in plain text to serve as a note of record should you forget in the future. Our site doesn't rely on https, therefore all communication between you and Ohloh is relayed as plaintext and not very secure. We don't have the ability to reset your password yet, but if you'd like I could either:

  1. Delete your account so you can recreate it with a different password
  2. Modify your password to either a random one or something of your choosing (mail me at jason@ohloh.net)

Sorry if this surprised you in any way,

-jay

9dbaca493199c57710e53b56310f659d?&s=42&rating=pg&d=http%3a%2f%2fopenhub.net%2fanon80
Jason Allen almost 9 years ago
 

Post a Response