[ic] For review - new Strap template for Interchange 5
jon at endpoint.com
Sun Oct 18 00:49:58 UTC 2015
On Sat, 17 Oct 2015, Josh Lavin wrote:
>> 1. Customer and affiliate passwords should be encrypted with bcrypt,
>> not plain text. I think the time for allowing plain text storage of
>> passwords is long past and IC is perfectly capable of using the current
>> recommendation for this which is bcrypt.
> I put this on the #interchange channel, but the reason we don't use
> crypt in Strap at this point, is because of the demo mode. We want to
> keep plain-text passwords for the demo users, so you can look in the
> database and see what a user's password is, to login to their account.
That doesn't seem like a compelling reason to me. Much more important to
do the right thing by default for real sites, I think. Demos are
temporary, but real ecommerce sites are forever. :)
For the demo, can't we just show in plain text what the logins are on the
login page itself?
End Point Corporation
More information about the interchange-users