http://www.activecollab.com/forums/topic/2123/ Recent posts on topic: Password Security en-us Mon, 01 Dec 2008 23:32:17 UTC http://www.activecollab.com/forums/post/10119/#post10119 http://www.activecollab.com/forums/post/10119/#post10119 pdiki : ) this is very true!

Cheers, was just a thought.

]]> Wed, 17 Oct 2007 10:37:43 UTC http://www.activecollab.com/forums/post/10116/#post10116 http://www.activecollab.com/forums/post/10116/#post10116 Ilija Studen If someone breaks in and gains access to your database you have more serious problems than that.

We'll see what we can do about password encryption in the future.

]]> Wed, 17 Oct 2007 10:34:28 UTC http://www.activecollab.com/forums/post/10115/#post10115 http://www.activecollab.com/forums/post/10115/#post10115 pdiki Thanks Ilija,

I was more concerned with someone hacking/browsing the database and seeing a list of passwords. Could the API not use an encypted version?

]]> Wed, 17 Oct 2007 10:24:11 UTC http://www.activecollab.com/forums/post/10114/#post10114 http://www.activecollab.com/forums/post/10114/#post10114 Ilija Studen Decision to store password in plain text format was not related to Forgot password functionality. Passwords need to be accessible through the API so system needs to be able to read them. They are available only if you are accessing the system as administrator, people manager or the user itself.

]]> Wed, 17 Oct 2007 10:14:23 UTC http://www.activecollab.com/forums/post/10113/#post10113 http://www.activecollab.com/forums/post/10113/#post10113 pdiki Hi all,

Just been looking at the activecollab database for my installation, and noticed that the "users" table stores passwords in plain text. Is this not a security issue? I have been led to believe that only encrypted passwords should be stored, i.e. and md5 hash of the password. I know that this makes retrieving the users password impossible but this can easily be overcome by reseting the users password if they have forgotten it.

Any thoughts?

]]> Wed, 17 Oct 2007 10:07:11 UTC