[thesite] password input on user account page

Seb seb at members.evolt.org
Tue Jan 8 10:06:52 CST 2002

Hi guys,

I'm just trying to get up to speed on thesite, as it's been a few months 
since I've had the time to actually contribute properly. In doing so, I've 
been playing around with a lot of the new features, and all I can say is 'wow'.

I do have one suggestion which impacts security and usability.

On the user account page where you can change your info, the password boxes 
are populated. This is a minor security hazard, as you could now 
potentially find a user's login details just by searching through their 
cache. I know it sounds unlikely to impact anyone, but it's not unheard of 
for sysadmins (i.e. people like me) to get bored and go searching network 
caches for this kind of thing.

Obvious minor change to code: don't update the password if the input is empty.

Now, would anyone be kind enough to write a couple of paragraphs of 
cliff's-notes to help me catch up on [thesite]? Pretty please?

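The change suggested in the message above, as an added example that is not part of the original post or of thesite's code: the account form is rendered with empty password inputs, and the update handler leaves the stored credential alone when the password field comes back empty. All names (`render_account_form`, `apply_account_update`, the `user` dictionary layout) are hypothetical, and storing a salted PBKDF2 hash is an assumption of this sketch.

```python
import hashlib
import hmac
import os
from html import escape

SALT_LEN = 16  # assumption of this sketch: salt is stored in front of the digest


def hash_password(password, salt=None):
    """Return salt + PBKDF2-HMAC-SHA256 digest for storage."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt + digest


def verify_password(password, stored):
    """Constant-time check of a candidate password against the stored value."""
    return hmac.compare_digest(hash_password(password, stored[:SALT_LEN]), stored)


def render_account_form(user):
    """Render the account page; password inputs never get a value attribute,
    so nothing secret ends up in the page source or in a cache."""
    email = escape(user["email"], quote=True)
    return (
        '<form method="post" action="/account">\n'
        f'<input type="text" name="email" value="{email}">\n'
        '<input type="password" name="password" autocomplete="new-password">\n'
        '<input type="password" name="confirm" autocomplete="new-password">\n'
        "</form>"
    )


def apply_account_update(user, form):
    """Apply submitted fields; an empty password means 'keep the current one'."""
    updated = dict(user)
    updated["email"] = form.get("email", user["email"]).strip()
    new_password = form.get("password", "")
    if new_password == "":
        return updated, "password unchanged"
    if new_password != form.get("confirm", ""):
        raise ValueError("password and confirmation do not match")
    updated["password_hash"] = hash_password(new_password)
    return updated, "password changed"
```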

