28 Feb 2003 Stevey   » (Master)


 After posting the recent patch for reminding users of their passwords I've been looking over the code a bit more.

 Generally I'm quite impressed by it, but I can't help thinking that the account creation for the site is wrong somehow.

  • Email addresses are never validated.
  • Plaintext passwords are stored in the database.

 These aren't huge concerns, but it's still troubling to see a prominent site using non-validated logins.

 In other news I've submitted an "intent to package" bug against Debian to package the code behind this site, and add it to Debian.

 Basic packages are available now, but the require testing and hammering before I upload..

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!