Closed alexhollinghead closed 6 years ago
This is a fundamental problem with email services. We need to be able to pass the actual plain text password to SMTP servers. If we hashed the passwords we would not be able to un-hash them (hash is 1-way only). If we used some kind of 2-way authentication, then the code to do that would be as visible in the files as the password itself; it would just be one extra step for a hacker (who already had access to all the files on your system) to decode the pw himself.
This is the same situation for any CMS: if they store the data plain text in db or files, these passwords need to be plaintext. Luckily you can help yourself out by always using SSL for mail sending, but this again is standard practice.
Why doesn't this plugin hash email passwords? It seems like a really bad idea to just have your Gmail password sitting in plain text in the email.yaml file.
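The reply's point that a hash in the config file cannot be used to log in, as an added example (not code from the plugin or from this thread): a simulation of SMTP AUTH PLAIN in which the server keeps only a password hash while the client still has to send the real password. The user name, password, salt and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
USER = "mailer@example.com"
PASSWORD = "correct horse battery staple"
SALT = b"constructed-salt"

def kdf(password: str) -> bytes:
    """Server-side password hash (PBKDF2 with a fixed, constructed salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# The server can keep only a hash, because the client sends it the password.
SERVER_DB = {USER: kdf(PASSWORD)}

def client_auth_plain(user: str, secret: str) -> str:
    """AUTH PLAIN initial response (RFC 4616): base64(NUL user NUL password)."""
    return base64.b64encode(f"\0{user}\0{secret}".encode()).decode()

def server_verify_plain(response: str) -> bool:
    """Decode the response, hash the received password, compare with the stored hash."""
    try:
        _authzid, user, secret = base64.b64decode(response).decode().split("\0")
    except ValueError:  # bad base64, bad UTF-8 or wrong number of fields
        return False
    stored = SERVER_DB.get(user)
    return stored is not None and hmac.compare_digest(kdf(secret), stored)

def hashed_form(password: str) -> str:
    """What a config file would hold if the client stored only a hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def login_with_config_value(config_value: str) -> bool:
    """Simulate a mail client sending whatever string its config file holds."""
    return server_verify_plain(client_auth_plain(USER, config_value))

if __name__ == "__main__":
    print("plaintext in config:", login_with_config_value(PASSWORD))
    print("hash in config:     ", login_with_config_value(hashed_form(PASSWORD)))
```

The base64 step in AUTH PLAIN is an encoding, not protection, which is why the thread's advice to send mail over SSL matters for the credential in transit.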