search

dmitry-solomadin / skwibl

Realtime collaboration service.
http://skwibl.com
1 stars 0 forks source link

Improve password security. #212

Open yuri-karadzhov opened 11 years ago

yuri-karadzhov commented 11 years ago

Store password hashes, reset password on password forgot, make script to convert old passwords.

dmitry-solomadin commented 11 years ago

Is this fixed?

yuri-karadzhov commented 11 years ago

No. It is not. We store passwords as they are and send them directly to email. We should store hashes instead and send a link which will help to reset password (at least we should implement firs part).