Question about website admins

Discussion in 'Chit Chat' started by Melvarius, Sep 4, 2012.

  1. Melvarius

    Melvarius MDL Novice

    Sep 21, 2009
    43
    5
    0
    Hi folks
    This question is not about nor related to MDL Forums.

    Q.Can a Website admin view user passwords?

    From my limited knowledge, I am under the impression (through use of Joomla as an Admin) that they can see your e-mail address and change it. They can also change your password but not view your original password (a manual re-set).

    The website in question is not available to the general public and I discovered this little quirk purely by accident as I'd set up a bogus e-mail (a@b.com).
    When I changed my password (which I forgot to write down) I had to ask the Admin to reset my password as I'd forgotten what I'd changed it to and the e-mail wasn't a valid one so i couldn't use the reset password link on the site.

    I was quite surprised when, instead of a new password, I was given my password.

    I have Googled this question but could only find reference to a website called troopmaster which apparently can, or could, view user passwords.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Niekess

    Niekess MDL Addicted

    Mar 31, 2011
    837
    563
    30
    It all depends on the code of the website. The developer can choose to encrypt the password and store them into the database or just put it as plain text. Most sites encrypt them to ensure an user's privacy and as protection for hackers. Personally do I encrypt passwords on my sites, most people do actually.

    The site you are talking about choose to store the password as plain text, that's why he gave your original password. ;)
     
  3. Melvarius

    Melvarius MDL Novice

    Sep 21, 2009
    43
    5
    0
    Thanks for the info Niekess. It sounds like rather a sloppy web design practice to store the password as plain text. The site is on an secure system so I'm guessing it should be ok.

    Would the Web Designer be able to change the passwords to an encrypted form without affecting user log ins.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Niekess

    Niekess MDL Addicted

    Mar 31, 2011
    837
    563
    30
    Yes, that is possible to change the passwords to an encrypted form. However does the website code needs to be altered to read the new kind of encrpyed passwords. ;)