Try Now
More in this section

Forums / General Discussions / Why is the Password Answer stored in plain text

Why is the Password Answer stored in plain text

2 posts, 0 answered
  1. Info
    Info avatar
    4 posts
    25 Nov 2012
    22 Feb 2013
    Link to this post

    I have noticed that the Sitefinity Membership provider is storing the password answer in plain text. IMHO that is just as storing the password itself in plain text. Can this somehow be changed. I don't want to go into the hassle of creating my own membership provider. 

    I think no one should know the password besides the user and that goes for the password answer as well. I am not a security expert but in every asp.net tutorial for writing membership providers the answer is encrypted/hashed as well.

    Any comment?

  2. Pavel Benov
    Pavel Benov avatar
    341 posts
    14 Mar 2016
    27 Feb 2013
    Link to this post

    Currently Sitefinity does not support this functionality out of the box. We find this a reasonable suggestion so I have logged it in our system as a feature request. You can follow its progress and vote to increase its popularity here

    Pavel Benov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered