[thewitt]

Quote:

Originally posted by Bald Bouncer
[clip]my main forum has been running for over 5 years now and we have never had a security breach and have always been very carefull.

As in most password exploits, you would likely never know if someone was using other people's accounts on your server because their passwords were exposed.

As for selling me, you posted here looking for support for adding a feature back into the product that is a no-no in every intellegent security resource on the planet. If you just wanted to ask Jelsoft to put it back in, you could have done so in a private email. That appears to me to be a solicitation for support, and I'm simply telling you that you don't have mine yet.

If you don't care, that's fine. I'm not put out by it, just giving you a chance to explain your reasoning for asking for what I consider to be a huge security hole in the software.

I would suggest that it will take more than a "put it back cause I don't like the change" argument to make a difference - but I've been wrong before.

Now someone could certainly write a hack that intercepts the password validation process and writes the plain-text, pre-encrypted password into another field in the database. I suspect this will be the way you'll expose the passwords in your forums in the future, and not by some reversal of design in vBulletin - but again, I've been wrong before.

If you want Jelsoft to put it back the way it was, you might also post your concerns in the vBulleting community forums and not in the hack forums. I'm not sure if that will make a difference, but I susect that's a better place to ask Jelsoft for changes.

Good luck,

-t