Passwords stored in plaintext?!?
I’ve just downloaded and installed Word Press 1.01 on my local machine and it works quite well. However, I forgot the admin password so I logged into my MySQL console to change it. I was shocked to discover that the passwords were all stored in plaintext – i.e. with no encryption whatsoever.
Why on earth aren’t passwords encrypted/hashed using md5 (functionality for this is built into both PHP and MySQL!)? It’s crazy to have passwords in any two-way encryption form if all you’re doing is checking to see whether the user has entered the correct value.
- The topic ‘Passwords stored in plaintext?!?’ is closed to new replies.