Announcement

Collapse
No announcement yet.

Password privacy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password privacy

    As I ran test orders last week, I discovered that the user's password was being displayed in plain text all over the place, on the website after creating the account and in various confirmation emails. I have since removed the code from the website/email messages. However, the "forgot password" function still sends them their original password they used to create the account instead of resetting it with a temporary one (like every other website I've ever used). This point was actually addressed in a thread that was closed so I have resurrected this issue. The last post (from May of 2009) was from Gonzalo Gil telling a user that the next release of the software would include one way encryption on passwords and users could reset their passwords rather than having the original password emailed. Is it because I am using an older template or is this still the case with 3.2?

    http://forums.3dcart.com/general-con...emailed-3.html
    www.macdimms.com
    The Mac Memory Specialists.

    Any fellow 3dcart Mac users can use the promo code - 3dcart - to receive a discount on RAM for your Mac. This is a special thank you for all the previous and future help!

  • #2
    There is a setting, I think it's in General Stores Settings (may be somewhere else) where you can turn off the emailing of passwords. Apparently what this does is disable the <!START: password--> code block functionality.
    You will need to remove or alter the code on the new account registration emails, as those have different password code block.

    Comment


    • #3
      Originally posted by Mark View Post
      There is a setting, I think it's in General Stores Settings (may be somewhere else) where you can turn off the emailing of passwords. Apparently what this does is disable the <!START: password--> code block functionality.
      You will need to remove or alter the code on the new account registration emails, as those have different password code block.
      Hi Mark,

      Yes, I've already manually went in and modified all of the code for the emails. The only thing I'm concerned with now is the "reset password" button - the default text below the button is "We will send you an email with a link to reset your password." This is what I want it to do, but instead it emails the original password - no bueno. Does anyone have their cart setup to actually have a link to reset their password?
      www.macdimms.com
      The Mac Memory Specialists.

      Any fellow 3dcart Mac users can use the promo code - 3dcart - to receive a discount on RAM for your Mac. This is a special thank you for all the previous and future help!

      Comment


      • #4
        Originally posted by gigahertz6 View Post
        Hi Mark,

        Yes, I've already manually went in and modified all of the code for the emails. The only thing I'm concerned with now is the "reset password" button - the default text below the button is "We will send you an email with a link to reset your password." This is what I want it to do, but instead it emails the original password - no bueno. Does anyone have their cart setup to actually have a link to reset their password?
        No, in fact I spoke to Tech Support about this, and they say it cannot be done at this time. I submitted a request that they change this to the feature request forum. Please vote! Here is the link - http://3dcart.uservoice.com/forums/7...rd-reset-link-
        Laura Z
        Brass & Silver Traditions
        www.brassandsilvertraditions.com

        Comment

        Working...
        X