Skip to main content
Topic: Logs showing plain password (Read 2432 times) previous topic - next topic

Logs showing plain password

The application storing the new user registrations with passwords in plain text. Security issue..

 

Re: Logs showing plain password

Reply #1
There's option to save password in plain text or hash the password using(BCRYPT,SHA1,MD5...) before saving. Probably you have chosen to save as plain text.

Please verify before you post something like this.



Re: Logs showing plain password

Reply #2
Hi Emman,
The password storing into database is encrypted (MD5).
Im talking about the LOGS file. Could you advise plz?

Re: Logs showing plain password

Reply #3
Hi Emman, Any updates?
sometimes, Silence is considered as acceptance.

Hopes some other public forum members could verify this issue themselves too. Because if this is actual case, the PHPRAD deve team have to work on this matter too.


Re: Logs showing plain password

Reply #5
Hi,
1.   PHPRAD project > enable >Authentication
2.   Assign DB tables
3.   Allow users to register
4.   Set Audit Trail Log > FILE
5.   Registration page > Password field > set as PASSWORD & MD5 hashing
6.   Do a test user registration.
7.   The audit trail log file will show the password in plain text.
8.   Actually the PHPRAD is work very well. Im ok to exclude this USERS ADD page from audit log settings.
Just the password field is in plain text (only on AUDIT TRAIL FILE) and need attention on that part for security measure..

And finally,
Im just a favourable user of this PHPRAD. I wondered about this issue, and seeking your valuable advise. Kindly reply to the forum members as -- what is the scenario, how to reproduce the issue etc.,..-- instead of using some laymen term replies like "Please verify before you post something like this."

Thank you  ;)

Re: Logs showing plain password

Reply #6
ref image..2.png

Re: Logs showing plain password

Reply #7
This brand is dying itself by not responding to people questions.
If the question is user's mistake, support will reply instantly within a day.
If the question is related to product's bug (a few as i know well..), they never ever get back even for months-years.



Re: Logs showing plain password

Reply #10
@willvin , thats a nice reply. Thank you for your kind response to the forum.