http://codecs.forumotion.net site registration security bad practice

Post by BloomingAzaleas on Mon Oct 02, 2017 9:02 pm

Noting that codecs.forumotion.net is HTTP, not HTTPS, not great but OK. When first registering for the forum a password strength assessment is indicated and a confirmation of the new password is requested - good. However, then both username and password are sent in the *same* confirming email, effectively broadcasting the entire credential set to the world.

The point of a password would then be what?

BloomingAzaleas

Posts : 8
Join date : 2017-10-02


Re: http://codecs.forumotion.net site registration security bad practice

Post by Admin on Mon Oct 02, 2017 10:43 pm

The forum is on an external host, so this behavior can't be changed.

Use a unique password and delete the confirmation email if others have access to your mail.

Admin
Admin

Posts : 3737
Join date : 2011-06-17


Re: http://codecs.forumotion.net site registration security bad practice

Post by notcyf on Wed Oct 04, 2017 9:03 pm

Emails are still encrypted using conventional encryption by the SMTP host, which is most likely a host that uses SSL.

notcyf

Posts : 103
Join date : 2017-08-24


Re: http://codecs.forumotion.net site registration security bad practice

Post by BloomingAzaleas on Thu Oct 05, 2017 4:17 pm

Yes. But for grins I will point out that when you send an email, unless all routing is within a known closed environment such as within an enterprise email system, then you do not know how well or poorly each of the email relays is configured for connection encryption or peer-host authentication. Then, even if all hops are encrypted and authenticated, one of the relays could be compromised and scanning traffic for interesting content to exfiltrate. Then, routes are not guaranteed to repeat. When I receive phishing emails I use my email client to view the source (the raw text content typically hidden by email clients) and am always amazed at how many hops emails can take.

BloomingAzaleas

Posts : 8
Join date : 2017-10-02
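
The hop-by-hop concern raised in the post above can be checked on any received message by reading its Received headers in the raw source. The following Python sketch is an added example, not part of the original thread; the sample message, its host names and the function names `audit_hops` and `unencrypted_hops` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: hosts, addresses and ids are invented for illustration.
RAW = """\
Received: from mx2.mail.example (mx2.mail.example [203.0.113.7])
\tby inbox.recipient.example with ESMTPS id abc123
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tWed, 04 Oct 2017 21:03:10 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\tby mx2.mail.example with ESMTP id def456;
\tWed, 04 Oct 2017 21:03:08 +0000
Received: from web01.forumhost.example (web01.forumhost.example [192.0.2.15])
\tby relay.isp.example with ESMTPS id ghi789;
\tWed, 04 Oct 2017 21:03:05 +0000
From: forum@forumhost.example
To: user@recipient.example
Subject: Welcome to the forum

(body omitted)
"""

# RFC 3848 "with" keywords: a trailing S means the hop used STARTTLS,
# a trailing A means SMTP AUTH (e.g. ESMTPS, ESMTPSA, LMTPS).
TLS_PROTO = re.compile(r"(?:UTF8)?(?:ESMTP|LMTP)SA?", re.IGNORECASE)

def _field(keyword, text):
    m = re.search(r"\b%s\s+(\S+)" % keyword, text)
    return m.group(1).rstrip(";") if m else None

def audit_hops(raw):
    """Return one dict per relay hop, in the order the message travelled."""
    headers = message_from_string(raw).get_all("Received") or []
    hops = []
    for value in reversed(headers):          # newest header is on top
        flat = " ".join(value.split())       # unfold continuation lines
        proto = _field("with", flat)
        hops.append({
            "from": _field("from", flat),
            "by": _field("by", flat),
            "proto": proto,
            "tls": bool(proto and TLS_PROTO.fullmatch(proto)),
        })
    return hops

def unencrypted_hops(raw):
    """Hops whose receiving relay did not record a TLS-protected transfer."""
    return [(h["from"], h["by"]) for h in audit_hops(raw) if not h["tls"]]
```

Each Received header is written by the relay that accepted the message, so lines added before the first relay you trust can be forged, and a relay that omits the RFC 3848 keyword may still have used TLS.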
