Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^5: False Passwords Void / Method to Disable Your Account

by Argel (Prior)
on Oct 05, 2009 at 23:17 UTC ( #799362=note: print w/ replies, xml ) Need Help??


in reply to Re^4: False Passwords Void / Method to Disable Your Account
in thread False Passwords Void / Method to Disable Your Account

The email address and real name are only stored in the database, right? So unless the user (or hackers) intentionally disclose that information it shouldn't be cached anywhere else.

Elda Taluta; Sarks Sark; Ark Arks


Comment on Re^5: False Passwords Void / Method to Disable Your Account
Re^6: False Passwords Void / Method to Disable Your Account
by ambrus (Abbot) on Oct 07, 2009 at 08:36 UTC

    Yeah, and if perlmonks deleted your email when your account is disabled then you couldn't get an email from the administrators if they found out your password was stolen (either because the attack was done before you disabled your account, or, like now, the attackers got hold of an earlier backup of the database). I don't mind that, because I for one don't want such an email (the Create A New User page even sort of promised they won't send me one), but you just might want to know.

      Lets look at how the current incident was handled. First, only people who had their information published by the hackers were notified by email. That means that the majority of users were not notified by email. Second, as far as we know, this site is still vulnerable to the same type of attack used on the old server. Third, passwords are still stored plain text. Given the less than stellar response by PM to the recent incident, there is no reason to expect PM to do a good job if it happens again. Therefore, if you are disabling your account, odds are you are better off having your information erased.

      Elda Taluta; Sarks Sark; Ark Arks

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://799362]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2014-09-21 01:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (165 votes), past polls