On Saturday, 12 April 2014 at 09:53:13 UTC, Manu wrote:
We're talking about storing users passwords _in plain text_ on
a niche
forum server. What confidence could I possibly have that
dlang's forum
server is properly secured and monitored?
I'm comfortable that hackers (or even the administrators for
that matter)
may get my hashed salted passwords from time to time... that's
an
understanding of the internet that I have become comfortable
with. I'm NOT
comfortable that anyone can see my password in plain text. It's
practically
an invitation.
You do realize that, for example, forum.dlang.org does not use
https and thus passwords are sent in plain text over the internet
upon every login attempt anyway?
