Mailing List Archive

Email login links without plain text password
Hi All,

The email links we send out for customers to check orders and print receipts
have their passwords in plain text which is not good, is there a way to
provide an auto login area link without showing the plain text password.

I tried encrypting the userdb database and setting userdb to be encrypted in
catalog.cfg but this results in links showing encrypted passwords but the
links fail to login as IC is still expecting the unencrypted password to
login not the enrypted version.

Any solution to this?

Cheers,
Andy


_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: Email login links without plain text password [ In reply to ]
Quoting IC (ic@tvcables.co.uk):
>
> The email links we send out for customers to check orders and print receipts
> have their passwords in plain text which is not good, is there a way to
> provide an auto login area link without showing the plain text password.

Hi Andy,

Sounds like you have either a custom receipt or an old one. You may wish
to review the current mail receipt used by the Strap template:

https://github.com/interchange/interchange/blob/master/dist/strap/etc/mail_receipt

It only sends the "password" in the email if the user wasn't logged in;
that is, an auto-created user will get the link to check order status,
and the password is typically their phone number. You can always remove
this (line 107, etc).

--
Josh Lavin
End Point Corporation

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: Email login links without plain text password [ In reply to ]
> Sounds like you have either a custom receipt or an old one. You may wish
> to review the current mail receipt used by the Strap template:
>
> https://github.com/interchange/interchange/blob/master/dist/strap/etc/mail
> _receipt
>
> It only sends the "password" in the email if the user wasn't logged in;
> that is, an auto-created user will get the link to check order status,
> and the password is typically their phone number. You can always remove
> this (line 107, etc).


Hi Josh,

Yes we do have custom receipt and ship_notice that deliberately generates a
link to give customers 1 click access, I know what causes the password to be
issued in the link as we do this:-

[area no-session=1
form='
mv_username=[loop-data transactions username]
mv_password=[data table="userdb" column="password" key="[loop-data
transactions username]"]
mv_click=Login
mv_todo=return
mv_nextpage=order_detail
mv_arg=[loop-code]
']

Most customers like this is we don't store any payment information but a few
customers don't like seeing their password in plain text in the email.

I thought encrypting the password would help, although it obfuscates the
password in the link you can't log in with as IC is expecting it still in
plain text.

Regards,
Andy


_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: Email login links without plain text password [ In reply to ]
Quoting IC (ic@tvcables.co.uk):
>
> > Sounds like you have either a custom receipt or an old one. You may wish
> > to review the current mail receipt used by the Strap template:
> >
> > https://github.com/interchange/interchange/blob/master/dist/strap/etc/mail
> > _receipt
> >
> > It only sends the "password" in the email if the user wasn't logged in;
> > that is, an auto-created user will get the link to check order status,
> > and the password is typically their phone number. You can always remove
> > this (line 107, etc).
>
>
> Hi Josh,
>
> Yes we do have custom receipt and ship_notice that deliberately generates a
> link to give customers 1 click access, I know what causes the password to be
> issued in the link as we do this:-
>
> [area no-session=1
> form='
> mv_username=[loop-data transactions username]
> mv_password=[data table="userdb" column="password" key="[loop-data
> transactions username]"]
> mv_click=Login
> mv_todo=return
> mv_nextpage=order_detail
> mv_arg=[loop-code]
> ']
>
> Most customers like this is we don't store any payment information but a few
> customers don't like seeing their password in plain text in the email.
>
> I thought encrypting the password would help, although it obfuscates the
> password in the link you can't log in with as IC is expecting it still in
> plain text.

I see... Yeah, I think unless you create some other alternate login, you
will have to use unencrypted passwords and print them in the emails.

Even an alternate login that effectively logs them in would have the
same security issue. (What't the point of encrypting passwords if they
can login by other means and those are printed in an email?)

I think you will have to force logins if your customers are complaining
(rightly) and you want to be secure.

--
Josh Lavin
End Point Corporation

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users