Results 1 to 4 of 4

Thread: Password is sent in clear on initial registration email to new customer.

  1. #1
    Active Member
    Password is sent in clear on initial registration email to new customer.


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    458
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    63


    Default Password is sent in clear on initial registration email to new customer.

    A customer asked me why the system sends the password in clear on his registration email. And while I don't think it is too much of a security issue (we don't collect or store credit card info) his point was he felt that passwords should never be sent in clear in an email.

    So, should I turn it off (how?) or do most not consider it an issue?

    I'm inclined to turn it off once I figure out how, as I think his point is reasonable, but no one else has said anything on this matter before. He is probably in IT...

    Thanks,

    John :-#)#

  2. #2
    osCMax Development Team

    Password is sent in clear on initial registration email to new customer.

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,094
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Default Re: Password is sent in clear on initial registration email to new customer.

    I've had this valid point mentioned on a couple of occasions over the course of a decade.
    The simplest method I found, is to modify the email template for successful registration - I'll try to find it again, to provide an example.
    EJ
    Last edited by ridexbuilder; 05-08-2017 at 02:10 AM.

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  3. #3
    osCMax Development Team

    Password is sent in clear on initial registration email to new customer.

    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    4,094
    Total Contributions For

    ridexbuilder     $ 15.00
    Rep Power
    95


    Default Re: Password is sent in clear on initial registration email to new customer.

    File: public_html/catalog/create_account.php, line 382 onwards..
    PHP Code:
          // BOF PHONE ORDER
          // $email_text .= EMAIL_ACCOUNT_DETAILS . "\n" . EMAIL_ACCOUNT_USERNAME . $email_address . "\n" . EMAIL_ACCOUNT_PASSWORD  . $password . "\n\n";
          
    $email_text .= EMAIL_ACCOUNT_DETAILS "\n" EMAIL_ACCOUNT_USERNAME $email_address "\n" EMAIL_ACCOUNT_PASSWORD  EMAIL_ACCOUNT_PASSWORD_REPLACEMENT "\n\n";
          
    // EOF PHONE ORDER 
    File: public_html/catalog/includes/languages/english/create_account.php, line 25 onwards..
    Code:
    define('EMAIL_ACCOUNT_PASSWORD', 'Password: ');
    define('EMAIL_ACCOUNT_PASSWORD_REPLACEMENT', '******* (masked). If necessary use Password Forgotten feature');
    Also make a similar change to any other language files that are used.

    IMHO, it would be better if this was used by default.
    Last edited by ridexbuilder; 05-08-2017 at 02:11 AM.

    Developers resource at bitbucket
    *** *** ***
    oscmax.co.uk / ejsolutions.co.uk
    Hosting plans with installation, configuration, contributions, support and maintenance.
    *** FREE osCmax hosting available ***
    oscmaxtemplates.com

  4. #4
    Active Member
    Password is sent in clear on initial registration email to new customer.


    Join Date
    Sep 2009
    Location
    Vancouver, BC, Canada
    Posts
    458
    Total Contributions For

    JRR     $ 180.00
    Rep Power
    63


    Default Re: Password is sent in clear on initial registration email to new customer.

    Thanks, implemented now! Clean forgot to do it as we were moving our shop after being in the same location for 35 years...

Similar Threads

  1. Welcome Email username & password
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 03-17-2011, 09:03 PM
  2. Clear Customer Basket error
    By street in forum osCmax v2 Customization/Mods
    Replies: 3
    Last Post: 05-01-2010, 02:10 PM
  3. Welcome Email username & password
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 05-04-2007, 04:23 PM
  4. Welcome Email username & password
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 05-02-2007, 01:09 PM
  5. New Customer Registration
    By cygnus in forum osCMax v1.7 General Mods Discussion
    Replies: 2
    Last Post: 06-29-2005, 09:45 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •