As I ran test orders last week, I discovered that the user's password was being displayed in plain text all over the place, on the website after creating the account and in various confirmation emails. I have since removed the code from the website/email messages. However, the "forgot password" function still sends them their original password they used to create the account instead of resetting it with a temporary one (like every other website I've ever used). This point was actually addressed in a thread that was closed so I have resurrected this issue. The last post (from May of 2009) was from Gonzalo Gil telling a user that the next release of the software would include one way encryption on passwords and users could reset their passwords rather than having the original password emailed. Is it because I am using an older template or is this still the case with 3.2?
http://forums.3dcart.com/general-con...emailed-3.html
http://forums.3dcart.com/general-con...emailed-3.html
Comment