Admins should NOT be able to see passwords

Discussion in 'Setting-up protection' started by skylab, Oct 5, 2011.

  1. skylab aMember Pro Customer

    Member Since:
    Sep 21, 2011
    Message Count:
    21
    I should not be able to have access to see users passwords.... It should be encrypted and hidden from anyone ever being able to access it. That should be default and obvious.
    skylab, Oct 5, 2011
    #1

  2. skippybosco CGI-Central Partner

    Member Since:
    Aug 22, 2006
    Message Count:
    2,516
    Regarding displaying password or not, admins have different cases for whether they want to or don't want to view passwords.

    If you prefer not to, you can disable here:

    Logged on as admin -> Setup / Configuration -> Hide customer passwords in aMember CP
    skippybosco, Oct 6, 2011
    #2

  3. alex Administrator

    Member Since:
    Jan 24, 2004
    Message Count:
    5,975
    In any case, this is fixed in upcoming aMember Pro v4 - passwords are not stored in plain-text format at all.

    Regarding v3 - yes, we really should not be storing it in plain-text, but it was necessary to make 3-rd party scripts integrations possible. It required a lot of efforts to implement it without plain-text passwords...
    alex, Oct 6, 2011
    #3

  4. blue_vision aMember Pro Customer

    Member Since:
    Sep 27, 2011
    Message Count:
    62
    I agree with this and glad it's going to be fixed.
    blue_vision, Nov 25, 2011
    #4

Share This Page