[ic] Email login links without plain text password

[Josh Lavin]

Quoting IC (ic at tvcables.co.uk):
> 
> > Sounds like you have either a custom receipt or an old one. You may wish
> > to review the current mail receipt used by the Strap template:
> > 
> > https://github.com/interchange/interchange/blob/master/dist/strap/etc/mail
> > _receipt
> > 
> > It only sends the "password" in the email if the user wasn't logged in;
> > that is, an auto-created user will get the link to check order status,
> > and the password is typically their phone number. You can always remove
> > this (line 107, etc).
> 
> 
> Hi Josh,
> 
> Yes we do have custom receipt and ship_notice that deliberately generates a
> link to give customers 1 click access, I know what causes the password to be
> issued in the link as we do this:-
> 
> [area no-session=1
> 	form='
>       mv_username=[loop-data transactions username]
> 	mv_password=[data table="userdb" column="password" key="[loop-data
> transactions username]"]
>       mv_click=Login
>       mv_todo=return
>       mv_nextpage=order_detail
> 	mv_arg=[loop-code]
> ']
> 
> Most customers like this is we don't store any payment information but a few
> customers don't like seeing their password in plain text in the email.
> 
> I thought encrypting the password would help, although it obfuscates the
> password in the link you can't log in with as IC is expecting it still in
> plain text.

I see... Yeah, I think unless you create some other alternate login, you
will have to use unencrypted passwords and print them in the emails.

Even an alternate login that effectively logs them in would have the
same security issue. (What't the point of encrypting passwords if they
can login by other means and those are printed in an email?)

I think you will have to force logins if your customers are complaining
(rightly) and you want to be secure.

-- 
Josh Lavin
End Point Corporation