#2036544 - 02/20/13 05:09 PM How about you don't send my password in a plain text email?
DavidCa Offline
Junior Member

Registered: 02/19/13
Posts: 1
When I registered here, I immediately got an email saying welcome to the forum, your username is <blah> and your password is <blah>.

This is bad because anyone can see those emails. It compromises security of this site majorly. It also compromises the security of other sites if that user has used the same password elsewhere.

Please change this.

#2191195 - 12/02/13 12:55 AM Re: How about you don't send my password in a plain text email? [Re: DavidCa]
lolatu Offline
500 Post Club Member

Registered: 11/01/13
Posts: 865
Loc: UK
Agree - I was pretty shocked to receive this in plain text too. I've never seen any other site send a password like this, with the exception of randomly generated single-use passwords that must be changed immediately.

Now anyone who can read my Gmail (Google, NSA, GCHQ etc) can also see my username and password for this site, which in itself doesn't matter that much, but what if I used something similar for my bank account or who-knows-where else?

It may also be an indication of deeper security problems you have here, since it suggests you're actually storing passwords on your server. You should NEVER store passwords - this is a schoolboy error - only a salted hash. Please tell me this isn't so... if it is, you have a huge security liability on your hands, and getting hacked or otherwise compromised would be disastrous for you and your users.
Kawai CA95 / Steinberg UR22 / Sony MDR-7506 / Pianoteq Stage / Galaxy Vintage D
In the loft: Roland FP3 / Tannoy Reveal Active / K&M 18810

#2192848 - 12/05/13 09:06 AM Re: How about you don't send my password in a plain text email? [Re: DavidCa]
UKIkarus Offline
Full Member

Registered: 03/05/13
Posts: 378
Loc: England, South East
I'm pretty sure they would be storing salted hashes and the password being sent to the email is simply a copy of the value from the moment the form is submitted for registration as opposed to what is stored in the database.

They are, however, running a rather outdated version of the forum package, which should ideally be updated; that said, however, I am fully aware of how difficult that can prove to be, given that most end up changing the structure of templates/plugins so many of the originals no longer work/display correctly on the newer versions without some editing (in some cases A LOT of editing).

Perhaps this is why they have decided to stick with what they have for now?
Yamaha MOX8 Synthesizer
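
The two points raised in the posts above (store only a salted hash, and keep the submitted password out of the welcome email) shown together as an added example; it is not code from this forum or its software. The function names, the in-memory `users` store, the sample account and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from email.message import EmailMessage

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash from the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def register(users, username, password, email):
    """Store only salt + digest; build a welcome mail that omits the password."""
    if username in users:
        raise ValueError("username taken")
    salt, digest = hash_password(password)
    users[username] = {"email": email, "salt": salt, "digest": digest}
    # The plaintext exists only in this function's scope at submission time.
    # It is deliberately not copied into the message body.
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Welcome to the forum"
    msg.set_content(
        f"Welcome! Your username is {username}.\n"
        "Your password is not included in this message.\n"
    )
    return msg


if __name__ == "__main__":
    # Constructed sample account, not a real user.
    users = {}
    mail = register(users, "alice", "correct horse battery", "alice@example.org")
    print(mail.get_content())
    record = users["alice"]
    print("stored fields:", sorted(record))
    print("login ok:", verify_password("correct horse battery", record["salt"], record["digest"]))
```
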

#2193471 - 12/06/13 12:06 PM Re: How about you don't send my password in a plain text email? [Re: DavidCa]
UKIkarus Offline
Full Member

Registered: 03/05/13
Posts: 378
Loc: England, South East
Scratch that, the version is 7.5.7 which is fairly recent ...
Yamaha MOX8 Synthesizer

