Hi there
I have a system running CB 1.9.1
I know this is not the latest but I am in the middle of update J2.5 to J3.x and do not want CB 2.0x just yet.
On new registisation I am configured to send an email confirming details to the applicant. At the moment this includes [DETAILS]and this includes user name and password.
It is pointed out to me that this is insecure.
Is it possible to send two emails with this data separate?
If not, what work around could you suggest?
thanks
The password can only be sent in that email. During registration, during profile update (when password is changed), and during login are the only locations the password is plaintext. Once it's encoded it can not be reversed. So it's not possible to send them an email later with their password unless you store it as plaintext, which is just trading 1 issue for a massively more serious one. What isn't secure about sending them their details for the first time? How does 2 separate emails secure this?
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.