Slengpung guys, what are you doing??
category: general [glöplog]
I registered on there and got the confirmation email ... with my password sent back to me in plaintext.
I would *definitely* expect most sceners to understand why that is such a horrendously bad idea.
Yeah it's not exactly a banking or high-security site, but this should be really basic stuff.
Please fix your shit. Or just use SceneID. Kaythxbye.
But Slengpung uses sceneid?
It's confusing but yeah, don't bother signing up for slengpung itself.
Oh lol, I now see you have to link slengpung to your account, sorry..
okkie: I think you first need to create a Slengpung account and then link it to a SceneID account, since SceneID is a bit of an afterthought here.
In short: Slengpung is old and a horrible mess (worse than pouet 0.9 from what I heard) and it is going to be rewritten some day.
Yeah, i saw and replied juuuuust before you :D
And yes, old terrible and very web 1.0
If we wait just a little bit longer, Slengpung will look completely hip and modern again!
just add a sandwich menu button, done.
Slengpung doesn't store passwords in plaintext.
gargaj: jmph's concern is in the password being sent back by email in plaintext, anyone sniffing the network can see it. might be smarter not to send the password back at all (person already inserted it twice, they should know what it is).
also if the site can extract the password in plaintext it probably means the whole system is insecure since the way to go is usually to just store the (irreversible) hashes?
No, it means the site sends the email after you submitted the form.
ps: It's not that I don't agree, but I haven't had access to the site code for years now so I can't do much about it.
I'd assume that the email is generated during the registration process where you still have the plain text password in hand.
Ok, I'm gonna give the benefit of a doubt and assume the password gets encrypted (hopefully 1-way) when it goes into the database.
However registrations are approved manually, which took a day before I got the email, so for *some* time, recoverable or unencrypted passwords are being stored somewhere.
I'm not worried about getting my identity stolen from a Slengpung hack, but you better believe I changed that password.
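An added example, not part of the thread and not Slengpung's code: one way a manually approved registration can avoid holding a recoverable password during the waiting period, by hashing at form submission and sending an approval email that contains no password. The names `register`, `approve`, `verify`, the in-memory dicts and the scrypt parameters are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

# Constructed work factors for the example; tune for real hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

pending = {}   # username -> record awaiting manual approval (stand-in for a DB table)
accounts = {}  # approved accounts


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a one-way hash; the plaintext cannot be recovered from it."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def register(username: str, email: str, password: str) -> None:
    """Hash at form submission, so nothing recoverable waits for the approver."""
    salt = secrets.token_bytes(16)
    pending[username] = {
        "email": email,
        "salt": salt,
        "hash": hash_password(password, salt),
    }


def approve(username: str) -> EmailMessage:
    """Manual approval step: activate the record and build a password-free email."""
    accounts[username] = pending.pop(username)
    msg = EmailMessage()
    msg["To"] = accounts[username]["email"]
    msg["Subject"] = "Your account has been approved"
    msg.set_content(
        f"Hi {username},\n\nyour registration was approved. "
        "Log in with the password you chose when signing up.\n"
    )
    return msg


def verify(username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    rec = accounts.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], hash_password(password, rec["salt"]))
```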
email on way to its destination transpasses many third party systems and ultimately is most often stored in unencrypted form somewhere, often in email client or a phone. any malware can harvest it. handling passwords that way is totally dumb. you're excusing yourselves with obscurity way too much.
No one is giving excuses, just explanations.
sometimes the two overlap ;)
I'm subscribed to a mailing list (dailydave) from a well-respected security researcher (Dave Aitel) working for a well-respected security company (Immunity Inc). They send me my password in plaintext via email EVERY SINGLE MONTH.
So it could be worse. :-P
Kylearan: Yes, Mailman is horrible :) Even the documentation says: "Do NOT use a valuable password for Mailman, since it can be sent in plain text to you."
Sooo...in the days of social media overload and paranoia, are we done with Slengpung now?, or are there plans to resurrect it? Or are we done and just have it live its last days as an archive of good times ;)
I personally think slengpung is an excellent concept.
There are almost no pictures of myself (because my social circles do not take pictures usually) and it is great finding me there, or sceners that I only met online and do not know how they look like. Also there's so much scene history preserved in there.
could we keep it alive, maybe somehow password protected for privacy reasons?
I really loved Slengpung and am quite sad it's not used anymore.
Maybe just move everything over to OnlyFans. The small fee of say $1 can be used for maintenance and is a hurdle for everyone that wants to steal your precious privacy.
and for $19 you get to see what's under nosfe's kilt...
but seriously, yeah, archiving it behind full-on sceneid only access wouldn't hurt anybody :)
I wonder if the modern day replacement for skengpung should be a Pixelfed instance...?
Skengpung 🤦
Meteoriks prize should be given for the most lecherous or noxious slengpung pic of the year (for a person who appears on a pic).