Quote:
Originally Posted by Faranth
whichs brings up security issues.
now anyone who got the md5 from one site could use it on another vB with the same modifcation made
thus creating an insecure system...
|
There are no security issues created just by storing passwords even in plain text provided the server(s) is(/are) secured well, and the people who have access to the database are responsible. Granted that will probably not be the ideal aproach in most scenarios, by no way is it just insecure for that.
Whether or not these two (see first sentence) can be aplied to a typical vb user, noting especially how many vbulletins run on shared hosting, that is a whole different story. Do you want to remove an extra safety net in case your well versed technical co-admin places a db backup somewhere without any security (another random example why hashes are there, but note that it does not make not hasing any less secure, it's just significantly harder to "screw up" if the passwords are hashed)?