Print Page | Close Window

Forum registration

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2010
Forum Discription: For .NET 4.0
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=3078
Printed Date: 24-Mar-2025 at 7:59pm


Topic: Forum registration
Posted By: spudcud
Subject: Forum registration
Date Posted: 03-Nov-2011 at 5:55am
Forgive me as I did not know a better place to put this.
 
When I registered for the forum it sent me an email that contained my password. Why was that done?
 
DO NOT SEND MY PASSWORD BACK TO ME IN PLAIN TEXT!!! Seriously, who thought that was a good idea? Stop it.
 
Steve


Replies:
Posted By: JoshO
Date Posted: 03-Nov-2011 at 1:02pm
Ok, not an unreasonable request but interesting in that this is the first in over 1200 user registrations. I am a member of several forums, newsletters, and other community sites that require registration and some send confirmation of passwords and some don't. Since I purchased and installed this forum software, it is my "fault" for not digging into the code and changing the registration functions. The only reason we require registration is to slow down spamming and the targeting or hacking of a community forum account seems pointless. On the other hand, if your email account was compromised and the password you chose for this forum was the same one you use for online banking or other important accounts, then having that password in an email is a major concern. Therefore, I have altered the registration code to send this instead:

Hi NewUserID,

Thank you for taking the time to register to use the forum DevForce Community Forum.

----------------------------
Username: - NewUserID
Should you forget your password, you can request to have a temporary one sent to your email address using the link below:
http://www.ideablade.com/forum/forgotten_password.asp
----------------------------

To activate your membership for DevForce Community Forum click on the link below:
http://www.ideablade.com/forum/blah blah blah....

My apologies for not taking a more security-minded approach when I tested this forum software. What was I thinking? Oh yeah, I wasn't!!

Posted By: spudcud
Date Posted: 04-Nov-2011 at 3:57am
Thank you for your quick response. I agree that registration is a good practice, including the email validation process. I have had my password sent to me from other forums and every time I scream about it so sorry if it came across strong but it is something that hits a hot spot with me.
I am surprised this is the first anybody has mentioned it. Shame on the other 1200 people who didn't say something about having their password sent via email.
 
Thanks Josh,
 
Steve


Print Page | Close Window