Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re^5: False Passwords Void / Method to Disable Your Account

by Argel (Prior)
on Oct 05, 2009 at 23:17 UTC ( #799362=note: print w/replies, xml ) Need Help??

in reply to Re^4: False Passwords Void / Method to Disable Your Account
in thread False Passwords Void / Method to Disable Your Account

The email address and real name are only stored in the database, right? So unless the user (or hackers) intentionally disclose that information it shouldn't be cached anywhere else.

Elda Taluta; Sarks Sark; Ark Arks

  • Comment on Re^5: False Passwords Void / Method to Disable Your Account

Replies are listed 'Best First'.
Re^6: False Passwords Void / Method to Disable Your Account
by ambrus (Abbot) on Oct 07, 2009 at 08:36 UTC

    Yeah, and if perlmonks deleted your email when your account is disabled then you couldn't get an email from the administrators if they found out your password was stolen (either because the attack was done before you disabled your account, or, like now, the attackers got hold of an earlier backup of the database). I don't mind that, because I for one don't want such an email (the Create A New User page even sort of promised they won't send me one), but you just might want to know.

      Lets look at how the current incident was handled. First, only people who had their information published by the hackers were notified by email. That means that the majority of users were not notified by email. Second, as far as we know, this site is still vulnerable to the same type of attack used on the old server. Third, passwords are still stored plain text. Given the less than stellar response by PM to the recent incident, there is no reason to expect PM to do a good job if it happens again. Therefore, if you are disabling your account, odds are you are better off having your information erased.

      Elda Taluta; Sarks Sark; Ark Arks

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://799362]
[marinersk]: Corion This DBA wants to smack others who like putting whitespace in column names.
[marinersk]: s/smack/whap/;
[talexb]: Wow, what hilariously bad form.
[SuicideJunkie]: Just wait; someday soon, you'll be given a DB with unicode emojis in the column names.
[Corion]: marinersk: Well, I have done select statements like select sum(foo) as "Total Amount", ..., but to have a table like that makes me shudder
[Corion]: SuicideJunkie: :-D

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (10)
As of 2017-05-25 14:58 GMT
Find Nodes?
    Voting Booth?