Check out the LimeSurvey source code on GitHub!

Security

More
5 years 10 months ago #57227 by Catze
An IT-technician/admin pointed to me that the passwords of an account in plain text and clearly with password and user name are sent to the user. Is it possible to fix it?

Crawlers scan all mails just for these terms. Especially for companies a high security risk - that's irresponsible.

what can i do?

Please Log in to join the conversation.

More
5 years 10 months ago #57229 by lowprofile
maybe instead of sending a password on account creation limesurvey could send a token, which when clicked by the receiver prompts them to setup a password ?

Please Log in to join the conversation.

More
5 years 10 months ago #57247 by DenisChenu
Please, fill a bug report.

And yes , i'm agree it's a security hole, but it's need time to be reworked.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).

Please Log in to join the conversation.

More
5 years 10 months ago #57278 by Mazi
No cross posting please: www.limesurvey.org/en/forum/german-forum...ema-sicherheit#57273

Translation of my solution psted at the link above:
1. Create a user with a fake email address. The password will be set automatically
2. Afterwards edit this user and assign him/her a manually created password.
3. Tell him/her about the username/password combination or send two separate emails
4. Afterwards you might want to change the email address to the correct one.


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

More
5 years 10 months ago #57351 by Mazi
We always honor user feedback so there will be two new settings at the upcoming 1.91 version for displaying passwords. See limesurvey.svn.sourceforge.net/viewvc/li...vision&revision=9810


Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com'"

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form