a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment
mk  ·  4348 days ago  ·  link  ·    ·  parent  ·  post: Hubski with ssl?

    While we're talking about security: you really ought to require that people re-enter their existing password when changing their password.

Good point. I'll implement that as well.

    Finally: I assume that you're hashing the password on the database side, and not just storing them plaintext.

Yes, they are hashed.

    You're doing great work, mk: please don't think I'm nickpicking! Security's important, and it's worth getting right.

Thanks. I have no problem being cautious, or sensitive to privacy. In a place where we want people to speak freely, it doesn't hurt.

I'll follow up.