This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.

  • jormaig
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    But your password should never reach the server. It should be hashed already at the client and then salted at the server with a random hash. Then you store the salted hash