------------------------------------------------------------------------
A poll associated with this post was created, to vote and see the results, please visit
http://forums.slimdevices.com/showthread.php?t=34909
------------------------------------------------------------------------
Question: My opinion of this is...

- I don't use RadioTime, and I think this is OK
- I don't use RadioTime, but that sounds like a problem
- I use RadioTime, and I don't care about these "flaws"
- I use RadioTime, and this bothers me at least a bit
------------------------------------------------------------------------
Peter, thanks for the great feedback. I do work for RadioTime, but not in a technical role.

We've tried to balance security against ease of use; since our site is about finding radio, ease of use and simple implementation typically win. But we'll revisit some of the practices below.

Yes, a malicious user could guess a username, then request a password reset and then discover an email address. We began displaying the email and clear text password retrieval because a fair number of users would forget the account used or misspelled the email, and then get completely frustrated and stuck in a loop.

Within the RadioTime system passwords are not stored in clear but encrypted.

You are correct, basic registration is not secure, only paid registration.

RadioTime support had deleted your account as requested, we don't know what email address they replied to (if at all). We intend to allow users to delete their own account.

We'll add some text to the signup and privacy policy saying passwords may be sent in clear text.

--
radiobill
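An added example, not part of radiobill's post and not RadioTime's code: a reset flow that avoids the two behaviours discussed above by returning the same reply for known and unknown usernames, never echoing the email address, and mailing a single-use expiring token instead of the password. The class and function names, the in-memory store, the 15-minute lifetime and the use of PBKDF2 one-way hashing (in place of the reversible encryption the post mentions) are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 900  # seconds a reset token stays valid (assumed value)
GENERIC_REPLY = "If that account exists, a reset link was sent to its registered address."

def hash_password(password, salt=None):
    """Salted one-way hash: the stored value cannot be mailed back as a password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ResetService:
    """Hypothetical service; users and pending tokens live in memory for the demo."""

    def __init__(self, users, send_mail, now=time.time):
        self.users = users          # username -> {"email": ..., "pw": (salt, digest)}
        self.send_mail = send_mail  # callable(address, token); queue it in production
        self.now = now
        self.pending = {}           # sha256(token) -> (username, expiry)

    def request_reset(self, username):
        user = self.users.get(username)
        if user is not None:
            token = secrets.token_urlsafe(32)
            key = hashlib.sha256(token.encode()).hexdigest()  # only the hash is kept
            self.pending[key] = (username, self.now() + RESET_TTL)
            self.send_mail(user["email"], token)
        # Same reply whether or not the account exists; the address is never echoed.
        return GENERIC_REPLY

    def redeem(self, token, new_password):
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(key, None)  # pop makes the token single-use
        if entry is None or self.now() > entry[1]:
            return False
        self.users[entry[0]]["pw"] = hash_password(new_password)
        return True

    def check_password(self, username, password):
        user = self.users.get(username)
        if user is None:
            return False
        salt, digest = user["pw"]
        return hmac.compare_digest(hash_password(password, salt)[1], digest)
```

A user who has forgotten which address they registered still gets no hint from this flow, which is the usability cost the post describes; that case is left to support staff rather than to the public reset form.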
