ihatedeskjets Posted April 7, 2008 Posted April 7, 2008 Hi all, I just responded to a pm for help from a 1st time poster and registered on his stock / completely unmodified oscommerce site to test it. Checkout is broken and I cannot help him. As an after thought I realised I had used my "generic / usual" password to create the account, now what i'm wondering is: Can oscommerce be modified in such a way as to store my password in plain text ? or am I just paranoid and is this impossible ?
burt Posted April 7, 2008 Posted April 7, 2008 It is easy to rewrite osCommerce to send (or store) the password of every new customer in plain text.
ihatedeskjets Posted April 7, 2008 Author Posted April 7, 2008 It is easy to rewrite osCommerce to send (or store) the password of every new customer in plain text. EEEK, note to self, use random passwords on osc sites then.
warrenerjm Posted April 7, 2008 Posted April 7, 2008 Hi all,I just responded to a pm for help from a 1st time poster and registered on his stock / completely unmodified oscommerce site to test it. Checkout is broken and I cannot help him. As an after thought I realised I had used my "generic / usual" password to create the account, now what i'm wondering is: Can oscommerce be modified in such a way as to store my password in plain text ? or am I just paranoid and is this impossible ? I've had ramdom requests for help, which have rung alarm bells ie on things I have never posted about or got involved in, so I ignore them. Not sure what it's all about, but SPAM?
ohioman Posted April 7, 2008 Posted April 7, 2008 Something like that just wouldn't be logical. I would concentrate on where I submitted my password to. That is likely to be the biggest security risk in my opinion. It is always a bad idea to create new accounts with a username or password that you use everywhere else. That too is a risk. Iceman :thumbsup: Hi all,I just responded to a pm for help from a 1st time poster and registered on his stock / completely unmodified oscommerce site to test it. Checkout is broken and I cannot help him. As an after thought I realised I had used my "generic / usual" password to create the account, now what i'm wondering is: Can oscommerce be modified in such a way as to store my password in plain text ? or am I just paranoid and is this impossible ?
♥GLWalker Posted April 7, 2008 Posted April 7, 2008 You shouldnt worry much, how would they track which site you use the password at? And you could go change your password on his site before he has a chance to look at it. :rolleyes: By the way, I use the same customer password on all sites a work on, TesT1. Now hopefully no one logs in and changes my address. As for admin passwords thats different. I find little sticky notes with random passwords stuck all around the desk work well, unless someone finds some webcam footage! Oh crap!! Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.