The default email notifications include the database password and the application username password by default - both in clear text - through open, insecure emails.
I suggest implementing the following customizable options:
a) Let the Softaculous admin determine if such passwords should be sent at all (one option for each type of password), and if they should be sent, whether to let the user override this in their email settings or not.
b) Let the user specify if they want passwords in the notification emails at all (in case the admin setting is to send them, otherwise this is not relevant and this option should be hidden), or if they want to include for example only partial passwords, but not the whole password. (This can make life easier for admins that have many sites and a "password scheme" to follow, which can be hard to remember sometimes, especially in periods when default passwords are updated for security reasons).
c) Further on b), let users specify how many characters of the password(s) (one setting for the db pw, and another for the application pw) to include, and from which side (from the left or from the right).
See also: "Default password and email template" http://www.softaculous.com/board/index.php?tid=697&tpg=1#p10268
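A sketch of how the precedence in options a) to c) could be resolved for one password type, as an added example that is not part of the original post and not Softaculous code. The names `AdminPolicy`, `UserPref` and `render_password`, the fixed-width mask, and the cap on revealed characters are all assumptions made for illustration.

```python
from dataclasses import dataclass

MASK = "****"  # assumption: fixed-width mask, so the email does not reveal password length

@dataclass
class AdminPolicy:
    """Hypothetical admin setting for one password type (option a)."""
    send: bool               # may this password type appear in emails at all?
    user_may_override: bool  # may the user change how it is shown?

@dataclass
class UserPref:
    """Hypothetical user setting for one password type (options b and c)."""
    mode: str = "full"       # "none", "partial" or "full"
    chars: int = 0           # characters to reveal in partial mode
    side: str = "left"       # reveal from the "left" or the "right"

def render_password(password, admin, user):
    """Return the text for the notification email, or None to omit the field."""
    if not admin.send:
        return None          # admin decision wins; the user option is not consulted
    if not admin.user_may_override or user.mode == "full":
        return password      # admin default is to send the whole password
    if user.mode == "none":
        return None
    if user.mode != "partial" or user.side not in ("left", "right"):
        raise ValueError("unknown user preference")
    # Assumption: cap the reveal at half the password, so a large 'chars'
    # value cannot turn partial mode into full disclosure.
    n = max(0, min(user.chars, len(password) // 2))
    if user.side == "left":
        return password[:n] + MASK
    return MASK + password[len(password) - n:]

if __name__ == "__main__":
    sample = "Tr0ub4dor&3"   # constructed sample password
    allow = AdminPolicy(send=True, user_may_override=True)
    print(render_password(sample, allow, UserPref("partial", 3, "left")))
    print(render_password(sample, allow, UserPref("partial", 4, "right")))
```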