There seem to be an awful lot of overreactions going on here. Breakins happen from time to time. Storing the passwords cleartext is embarassing, sure, but it was probably considered handy for mailing passwords to people back in 1996 or whatever.

Also, hashing the passwords does not make them that much safer. Are you talking md5/sha1 hmac stuff like the Linux shadow files? Well, a few hours with john will get you a huge majority of the passwords I imagine, even with salts. And for the patient (or the botnet operator), even the really good ones will be discovered in relatively short order.

Pfft, I say. This is why you should use a randomly generated unique password on each site.

It doesn't really have anything to do with Perl or the Perl community either. I imagine the everything 2 engine has crypted passwords -- I don't really know that, I just imagine. Probably this was a bad design decision unique to this particular e2 site.

I'd guess more forum sites store passwords cleartext than don't though, doesn't really matter what language. It was really common to send your clear text password over cleartext email when you clicked "forgot password." A lot of sites changed this behavior, for good reasons, but a lot didn't. It's historical, not a Perl-the-language problem.

Basically, people were just too lazy to change it, because that's how it's always been.

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.