Why is the Password Answer stored in plain text - Sitefinity - General Discussions

All Replies

Posted by Community Admin on 22-Feb-2013 00:00

I have noticed that the Sitefinity Membership provider is storing the password answer in plain text. IMHO that is just as storing the password itself in plain text. Can this somehow be changed. I don't want to go into the hassle of creating my own membership provider.

I think no one should know the password besides the user and that goes for the password answer as well. I am not a security expert but in every asp.net tutorial for writing membership providers the answer is encrypted/hashed as well.

Any comment?

Posted by Community Admin on 27-Feb-2013 00:00

Hello,

Currently Sitefinity does not support this functionality out of the box. We find this a reasonable suggestion so I have logged it in our system as a feature request. You can follow its progress and vote to increase its popularity here.

Regards,
Pavel Benov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed