PerlMonks  

Clear text passwords

by Juerd (Abbot)
on Jun 05, 2018 at 00:27 UTC ( #1215896=monkdiscuss )

It's 2018 and this site still stores clear text passwords (truncated to 8 characters, apparently), sends those passwords via clear text email, and uses clear text HTTP by default.

There has already been a breach, almost a decade ago, where passwords got stolen (including mine), and TLS certificates have been free through Let's Encrypt for 2 years now. I find the continued use of clear text HTTP and passwords very irresponsible and wonder what's keeping the dear admins from implementing modern security measures.

Juerd

Replies are listed 'Best First'.
Re: Clear text passwords
by LanX (Archbishop) on Jun 05, 2018 at 01:07 UTC
    Please use an autogenerated password and log in via https://perlmonks.org/

    Since you haven't posted here for 5 years:

    If you use supersearch for https in "PerlMonks Discussion" you'll find a bunch of older discussions you might have missed:

    Click Search

    HTH! :)

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery

Re: Clear text passwords
by trippledubs (Chaplain) on Jun 05, 2018 at 02:53 UTC

    Oops, I was wrong, sorry. :) Looks like your password is not sent via clear text either, I see encryption being used in the e-mail headers when I do password recovery. Even on old pw recovery e-mail.

      Kudos for following back up on that.

      In regards to security, many people have been desiring better of Perlmonks for a long time, but this is after all volunteer and there are reasonable workarounds for the SSL-desiring folk.

      At least here at PM, they aren't selling the data on you or the "friends" you speak to here like they are on Facebook (or Google, or 'insert name of monopoly sickness here'). I can't imagine what Your Mother would think if that were to happen if she got her info sold out just because I replied to one of your messages ;)

        Your Mother's friends are all sockpuppets... I should know, we are close.

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery

        Well, it must have been working better yesterday. Today I am getting the pairsite cert. Pretty soon you're going to have to click through a skull and bones, 20 field captcha, pics of crying babies just to log in.. The LE cert, perception wise, I think is better :)

Re: Clear text passwords
by trippledubs (Chaplain) on Jun 05, 2018 at 00:51 UTC
    Moses will reach the Promised Land before Perlmonks gets https

      You can use https://perlmonks.org/ now. You may have to confirm the cert as an exception since I think it's still using the *.pairsite.com root but it's still going to do its job. It's been available for a long time at this point.

        Chrome doesn't throw up flags. Says it's Let's Encrypt X3 authority. Weird that I couldn't copy paste that in cert info

      Then did Moses just reach the Promised Land?

      All my links turned red, and upon looking closer I find myself diverted to https://www.perlmonks.org/......

      Is this a permanent thing now?

        It's confusing, I sometimes get the *.pairsite.com certificate for https://perlmonks.org/ , which I have to accept manually.

        Since I remember that we are using at least two servers for load balancing, my first guess is that one of the apaches has the wrong cert-file in place.

        For me:

        all other combinations I tried required a manual exception.

        update

        Forgot to test *.perlmonks.net with Firefox, but they seem to work fine with my mobile browser.

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery
