Subject: Passwords are stored in the DB as...
Summary: Package rating comment
Bjorn V rated this package as follows:
Bjorn V - 2011-01-28 15:28:34
Passwords are stored in the DB as "plain text"; that's a very big "no-no". Passwords should at least be stored as MD5() (varchar(32)) or SHA1 (varchar(40))... Furthermore, I would like to see that you can "activate" or maybe even deactivate people, and add or remove people to and from (multiple) user groups... So it's very basic; it offers people an insight. But it's not a very "safe" script. It's VERY vulnerable to XSS and SQL injection(!), not to mention that the variables should be outside the quotes. It's a nice attempt to create a login class using AJAX, but it lacks security...