Admins should NOT be able to see passwords

Discussion in 'Setting-up protection' started by skylab, Oct 5, 2011.

  1. skylab

    skylab Member

    Joined:
    Sep 21, 2011
    Messages:
    33
    I should not be able to have access to see users passwords.... It should be encrypted and hidden from anyone ever being able to access it. That should be default and obvious.
    skylab, Oct 5, 2011
    #1
  2. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    Regarding displaying password or not, admins have different cases for whether they want to or don't want to view passwords.

    If you prefer not to, you can disable here:

    Logged on as admin -> Setup / Configuration -> Hide customer passwords in aMember CP
    skippybosco, Oct 6, 2011
    #2
  3. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    In any case, this is fixed in upcoming aMember Pro v4 - passwords are not stored in plain-text format at all.

    Regarding v3 - yes, we really should not be storing it in plain-text, but it was necessary to make 3-rd party scripts integrations possible. It required a lot of efforts to implement it without plain-text passwords...
    alex, Oct 6, 2011
    #3
  4. blue_vision

    blue_vision Member

    Joined:
    Sep 27, 2011
    Messages:
    79
    I agree with this and glad it's going to be fixed.
    blue_vision, Nov 25, 2011
    #4

Share This Page