>Those look really funny, anyone know the what algorythm is used, i >suppose >it's the standard db2 function, but haven't tried that yet. .. because of the column type this is just a hexadecimal representation .. you can easily convert it to char ... > > 3) "Password-Reminders" >Actually these are the answers of the authentification questions, >asked >for >confirming the user's identity (which hints that the passwords may be > >decryptable) ... once you got the right answer you are able to change or at least reset the password .. and .. thats the trick :) >I just confirmed that on Net.Commerce 3.1.2 and it's a really nasty >bug. >One may query virtually any data from the db from almost any >macro (default & custom). I don't believe it's an error in >net.data. ... it is def. a "classic" "no-input-validation" :-) hole ... rc _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.