Re: E-mails with user name and password to centrally registered users [XOOPS general usage questions]

1

E-mails with user name and password to centrally registered users

2010/4/9 19:48
Mazarin
Just can't stay away
Posts: 533
Since: 2008/12/10

I'm setting up a site where I register users centrally. Is there any way I can automatically send out an initial e-mail including BOTH the user name and the given password?

2

Re: E-mails with user name and password to centrally registered users

2010/4/10 7:02
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

This french thread may give you some ideas.

3

Re: E-mails with user name and password to centrally registered users

2010/4/10 15:04
anderssk
Quite a regular
Posts: 335
Since: 2006/3/21

Mazarin, that would be an unsecured way doing it.
Always keep the user name and password separated

Create the users and add some password for them.
You can use the xpassgen to create some stupid passwords

Alternative just go into the database and ad some password value (hash value(

Ask the users to use the lost password function and neither you, the user or the hackers know the actually (first time) password at any time.

4

Re: E-mails with user name and password to centrally registered users

2010/4/10 22:07
Mazarin
Just can't stay away
Posts: 533
Since: 2008/12/10

Security is not a real issue here since we're not dealing with sensitive information, but of course you're right in principle. I'll probably end up going with your suggested solution, as it is the most time efficient.

Also, thanks for your suggestion Ghia. I may implement it eventually if I have the time.

5

Re: E-mails with user name and password to centrally registered users

2010/4/12 0:05
Peekay
XOOPS is my life!
Posts: 2335
Since: 2004/11/20

I agree with anderssk. To cover your back, if you plan to send out usernames and passwords by email, I would add a strong recommendation in the mail template that your clients should print out the email... and then delete it.

If the email is left in the inbox of a free mail account that is compromised, then your user's XOOPS account is also compromised. Many Google mail users suffered a security breach recently that would have given you a big headache if your proposed email was downloaded by the hackers.

6

Re: E-mails with user name and password to centrally registered users

2010/4/12 8:32
ghia
Community Support Member
Posts: 4953
Since: 2008/7/3 1

I don't understand all the security fuss.
Quote:

Ask the users to use the lost password function and neither you, the user or the hackers know the actually (first time) password at any time.

The french threads' hacks are based on the lost password routines.
And in the lost password function the user name and the password is sent by mail!

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

E-mails with user name and password to centrally registered users

Re: E-mails with user name and password to centrally registered users

Re: E-mails with user name and password to centrally registered users

Re: E-mails with user name and password to centrally registered users

Re: E-mails with user name and password to centrally registered users

Re: E-mails with user name and password to centrally registered users

Login

Search

Recent Posts

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: PodTalk Theme (PUBLISHER)

PodTalk Theme (PUBLISHER)

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Migrate from Wordpress

Re: Error in https://xoops.org/modules/wggithub/

Re: Error in https://xoops.org/modules/wggithub/

Re: XOOPS 2.5.11 session handling too strict?

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}