2016-03-14, 05:25:35
(2016-03-14, 04:53:44)HelgeSverre Wrote: Yes, In ordinary circumstances it is true that you should never store passwords in cleartext as I have done, but in this case it does not need to be encrypted or hashed due to the following reasons:
However, feel free to come up with an alternative solution.
- The password is supposed to be displayed in the page edit area. (Main reason why it is plain text)
- It is only view-able to admins.
- If someone gains access to your server (ftp, ssh or otherwise) you have bigger problems than a plaintext password protected page.
- The password is specific to only the page it is applied on, knowing this password does not give you any further privileges into the system.
I do not see any reason why you would want to store the password in plain text, it's definitely not correct!