|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
07-23-2018, 11:36 PM
|
#1 |
|
Confirmed User
Industry Role:
Join Date: Sep 2009
Location: Radelaide
Posts: 2,160
|
Gammae/Fame Dollars showing me my password over http
It's 2018, please - can affiliate programs start to tighten up their security? Why do you have my plaintext password stored anywhere? Why can I not access your website via https?
 Crazy. |
|
|
|
07-23-2018, 11:39 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: Sep 2009
Location: Radelaide
Posts: 2,160
|
And I just realized they truncated my password to 16 characters... =/
|
|
|
|
|
07-24-2018, 12:00 AM
|
#3 |
|
Confirmed User
Industry Role:
Join Date: Oct 2011
Location: The land of the rising sun
Posts: 58
|
If you saw your password right after you signed up, it doesn't mean your password isn't hashed and stored.
Maybe be just showing $_POST data. |
|
|
|
|
07-24-2018, 01:27 AM
|
#4 |
|
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,228
|
Try the forgot password function. If your password is emailed to you it's stored plaintext. If it's reset to something else it suggests they most likely are only storing a hash.
__________________
Mechanical Bunny Media Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development |
|
|
|
|
07-24-2018, 01:33 AM
|
#5 |
|
Confirmed User
Industry Role:
Join Date: Nov 2003
Posts: 1,554
|
When I tried last time, the old pass was emailed with "forgot password". And it was truncated.
So the OP is right I believe :-( - they store plaintext passes - truncate them, not allowing proper password strength - use plain HTTP, no encryption |
|
|
|
|
07-24-2018, 07:22 AM
|
#6 | |
|
Confirmed User
Industry Role:
Join Date: Sep 2009
Location: Radelaide
Posts: 2,160
|
Quote:
It's not like I reuse passwords, but lax security here suggests lax security elsewhere. |
|
|
|
|
|
07-26-2018, 01:07 PM
|
#7 |
|
Confirmed User
Join Date: Nov 2008
Posts: 480
|
Thanks for pointing out the issues that we have with the cash program. While we have already moved our paysites over to an https model, we are currently in the process of finding a solution to improve the security and user-experience of our cash programs as well.
As soon as we launch improvements, we will make sure to let our affiliates know |
|
|
|
|
07-30-2018, 03:14 AM
|
#8 |
|
StraightBro
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
|
Bump for business
__________________
 Skype: CallTomNow |
|
|
|
Derrick
