Encrypting Passwords!

Discussion in 'Setting-up protection' started by BillyParadise, Jul 5, 2005.

  1. BillyParadise

    BillyParadise New Member

    Hi, the integration with my site is going very well.

    Quick question - what was the logic behind leaving the passwords in plaintext? This could be a huge security problem - most users will typically use the same password across sites. I really don't want to be trusted with their passwords. I don't want to see them. I want to be able to change them (or better yet, let them use the password recovery routine built into aMember).

    No other script/program that I know of stores passwords in plaintext.

    BP
  2. alex

    alex aMember Pro Customer Staff Member

    Plaintext passwords are required for integration.
    We are working to implement some encryption and hide these passwords from admin eyes.
  3. alex

    alex aMember Pro Customer Staff Member

    Unfortunately, MD5 encryption is not acceptable because of integration issues.
  4. srianey

    srianey New Member

    I see this thread is kind of old. Is aMember still unable to use encrypted passwords due to integration issues? Also, is it now able to hide the passwords from admins? Thanks for any information.
  5. ionsaliu

    ionsaliu Member

    My aMember installation is 3.1.6PRO. It allows hiding the passwords from the administrator. This seems to be the general feeling of the admins. They don't want to see the passwords of the members. Yes, password encryption would be the best method of protection and privacy. But if encryption causes troubles with functioning, keep it out. The admins should just close their eyes! Hide the passwords from your view!

    Ion Saliu
    Software Download: Paid Membership Required
  6. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Realize that just because passwords are absent from the admin UI, they are still available unencrypted in the database and session variables.
  7. powerkeys

    powerkeys Member

    Hiding passwords from Admin assistants is a good idea, because not everyone can be trusted. But any administrator with database access who can't be trusted with their members' passwords shouldn't be operating a website.

    I realize that some admins require assistance from tech people from time to time, and the passwords in the database become available to those tech people, and this could potentially be a problem. However, any good tech person would be able to examine the PHP code and figure out a decryption method if one existed, so there can't be a perfect solution here when working with 3rd party script integration.

    The best solution in this case would be to carefully select a trustworthy tech person when needed.
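
An added example, not part of the thread and not aMember code: the difference raised above between hiding a password in the admin UI and not storing it at all, shown on a constructed SQLite table whose plaintext column is replaced by salted scrypt hashes. The table name, column names, sample users and cost parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password, salt=None):
    """Return 'scrypt$<salt hex>$<digest hex>', with a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def make_db():
    """Constructed sample data: a members table with a plaintext 'pass' column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (login TEXT PRIMARY KEY, pass TEXT, pass_hash TEXT)")
    db.executemany("INSERT INTO members (login, pass) VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "correct horse")])
    return db


def migrate(db):
    """Hash every plaintext password, then blank the plaintext column."""
    for login, plain in db.execute("SELECT login, pass FROM members").fetchall():
        db.execute("UPDATE members SET pass_hash = ?, pass = NULL WHERE login = ?",
                   (hash_password(plain), login))
    db.commit()


def check_login(db, login, password):
    """Log in against the hash only; unknown users and empty hashes fail."""
    row = db.execute("SELECT pass_hash FROM members WHERE login = ?", (login,)).fetchone()
    return bool(row and row[0]) and verify_password(password, row[0])
```

After `migrate()`, anyone reading the table sees only salts and digests, and the two sample users who share a password still get different stored values. Any integration that needs the original password can no longer read it from this table.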
