amnonM Posted July 30, 2019

Hi,

I just got this email from a customer:

Quote
I am writing to encourage you to review your password and privacy policy. It is not considered an acceptable practice for a service provider to keep customer passwords on their servers. You should only keep a hashed checksum to ensure that the password entered matched the originally chosen password. That way, when your servers are ultimately hacked, the passwords remain secure. Also, the practice of mailing the passwords back to users is inexcusable as this is a sure-fire path to interception and security compromise. Kindly review your security practices and policies and make the necessary changes to ensure the safety of your customers.

What can I do about this? (I am running PrestaShop 1.6.0.9)

Thanks

joseantgv Posted July 30, 2019

Passwords are not stored unhashed.

He told you this because when a customer is registered they get an email with their email address and the plain password, but it is retrieved from the POST information, not from the database. If you want, you can remove this field from the email template.

This only happens in PS 1.6.

amnonM Posted July 30, 2019

thanks, perfect
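
To act on joseantgv's reply above, you first need to know which mail templates still embed the plain password, including theme and per-language copies. The following is an added example, not part of the thread and not PrestaShop code; it assumes the placeholder is `{passwd}` and that templates live in directories named `mails`, and the sample files it writes are constructed for the demo.

```python
import os
import re
import tempfile

# Assumption: "{passwd}" is the variable the PS 1.6 welcome e-mail uses for the
# plain password; adjust if your templates use a different placeholder.
PLACEHOLDER = re.compile(r"\{passwd\}")
TEMPLATE_EXTS = (".html", ".txt")


def find_password_placeholders(shop_root):
    """Return sorted (relative_path, line_no, line) for mail templates that embed the password."""
    hits = []
    for dirpath, _dirs, files in os.walk(shop_root):
        # Only look inside "mails" directories (core, theme and module copies).
        if "mails" not in os.path.relpath(dirpath, shop_root).split(os.sep):
            continue
        for name in files:
            if not name.endswith(TEMPLATE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if PLACEHOLDER.search(line):
                        hits.append((os.path.relpath(path, shop_root), no, line.strip()))
    return sorted(hits)


def build_sample_tree(root):
    """Write a small constructed template tree (not real PrestaShop files)."""
    samples = {
        "mails/en/account.html": "<p>Hi {firstname}</p>\n<p>E-mail: {email}</p>\n<p>Password: {passwd}</p>\n",
        "mails/en/account.txt": "Hi {firstname}\nE-mail: {email}\nPassword: {passwd}\n",
        "mails/en/order_conf.html": "<p>Order {order_name}</p>\n",
        "themes/demo/mails/fr/account.html": "<p>Mot de passe : {passwd}</p>\n",
        "docs/readme.txt": "mentions {passwd} outside any mails directory\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, no, line in find_password_placeholders(tmp):
            print(f"{rel}:{no}: {line}")
```

Point `find_password_placeholders` at a copy of the shop directory and edit each reported template by hand, since the surrounding markup differs between the HTML and text versions.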