
Re^5: False Passwords Void / Method to Disable Your Account

by Argel (Prior)
on Oct 05, 2009 at 23:17 UTC (#799362)


in reply to Re^4: False Passwords Void / Method to Disable Your Account
in thread False Passwords Void / Method to Disable Your Account

The email address and real name are only stored in the database, right? So unless the user (or hackers) intentionally disclose that information it shouldn't be cached anywhere else.

Elda Taluta; Sarks Sark; Ark Arks


Replies are listed 'Best First'.
Re^6: False Passwords Void / Method to Disable Your Account
by ambrus (Abbot) on Oct 07, 2009 at 08:36 UTC

    Yeah, and if perlmonks deleted your email when your account is disabled then you couldn't get an email from the administrators if they found out your password was stolen (either because the attack was done before you disabled your account, or, like now, the attackers got hold of an earlier backup of the database). I don't mind that, because I for one don't want such an email (the Create A New User page even sort of promised they won't send me one), but you just might want to know.

      Let's look at how the current incident was handled. First, only people who had their information published by the hackers were notified by email. That means that the majority of users were not notified by email. Second, as far as we know, this site is still vulnerable to the same type of attack used on the old server. Third, passwords are still stored in plain text. Given the less than stellar response by PM to the recent incident, there is no reason to expect PM to do a good job if it happens again. Therefore, if you are disabling your account, odds are you are better off having your information erased.

      Elda Taluta; Sarks Sark; Ark Arks
