Here password are clear too .... RGPD/ GDPR... Always not compliant after 1 1/2 yrs ... Does it a normal situation ????
Author: AxelMore 1 yr of alerts on GDPR compliance.
Nothing has been done !!!! It's NOT ACCEPTABLE
Security by Design which is necessary to be compliance is not respected by Incomedia !!!!
And the only answer is that it was difficult to undertsand the offical documentation and to know what was necessary to do... yes yes. I got this answer.
Not OK - password are in clear text into the dababase... Now you know
Not OK - password are in clear text into received email when you said 'I forgot my password' Now you know
Not Ok - No graphical interface to manage, edit, delete users. Need to go via MyPHPAdmin manually !!! Now you know
Other one for toda !!!! If you are using user access into your projet open upload\res\access.inc.php
Ho big surprise, password are in clear text too.... ... Now you know
Since long time, I explained that password encoding is done with just one PHP function... No any code to write , just a php function ready for that..
But NO
More important to focus on content slider, content slider and content slider...
Does this situation is normal ????
Enjoy
I have checked on the server. You are right. All passwords in clear text!
Author
very secure !!!!
Thanks Incomedia... for their incompetence on this one again.
I go to be removed because my comment is not a good one !!!!
Oh, no! Not again!
(It is still in French part of the forum. Does not appear in the English one...)
Author
the stupid guy is sleeping...
Not able to be frank and to say why he removes our comments...
Author
And if your web server is vulnerable, file inclusion attack is possible to read the file and to retrieve authentication informations !!!
too easy to do.
Demo ?
Obviously not important ... No risks !!!!
Hello Incomedia what's your opinion ????
No risks... We are into "bisounours" world !
Enjoy !
Good day everyone
The security matter is of course of utmost importance for us and for this reason we've been working on improving this part specifically as well.
For this reason, I would like to inform you that the upcoming Preview version of the new version of the software will also feature the encoding of the password to make sure that a higher level of security can be provided for the users registered on the website's made with WebSite X5. The same change will also affect that way the password-reset email is built which will be adapted to this new change
I hope I was helpful
Stefano
Author
Sounds good... after a long log time ....
Wait & see