pouët.net

Slengpung guys, what are you doing??

category: general [glöplog]
I registered on there and got the confirmation email ... with my password sent back to me in plaintext.

I would *definitely* expect most sceners to understand why that is such a horrendously bad idea.

Yeah it's not exactly a banking or high-security site, but this should be really basic stuff.

Please fix your shit. Or just use SceneID. Kaythxbye.
added on the 2017-02-01 17:50:34 by jmph jmph
But Slengpung uses sceneid?

It's confusing but yeah, don't bother signing up for slengpung itself.
added on the 2017-02-01 17:59:56 by okkie okkie
Oh lol, I now see you have to link slengpung to your account, sorry..
added on the 2017-02-01 18:01:26 by okkie okkie
okkie: I think you first need to create a Slengpung account and then link it to a SceneID account, since SceneID is a bit of an afterthought here.

In short: Slengpung is old and a horrible mess (worse than pouet 0.9 from what I heard) and it is going to be rewritten some day.
Yeah, i saw and replied juuuuust before you :D

And yes, old terrible and very web 1.0
added on the 2017-02-01 18:02:17 by okkie okkie
If we wait just a little bit longer, Slengpung will look completely hip and modern again!
just add a sandwich menu button, done.
added on the 2017-02-01 18:36:41 by wysiwtf wysiwtf
Slengpung doesn't store passwords in plaintext.
added on the 2017-02-01 18:46:02 by Gargaj Gargaj
gargaj: jmph's concern is in the password being sent back by email in plaintext, anyone sniffing the network can see it. might be smarter not to send the password back at all (person already inserted it twice, they should know what it is).
added on the 2017-02-01 18:57:20 by psenough psenough
also if the site can extract the password in plaintext it probably means the whole system is insecure since the way to go is usually to just store the (irreversible) hashes?
added on the 2017-02-01 19:07:35 by wysiwtf wysiwtf
No, it means the site sends the email after you submitted the form.

ps: It's not that I don't agree, but I haven't had access to the site code for years now so I can't do much about it.
added on the 2017-02-01 19:25:25 by Gargaj Gargaj
I'd assume that the email is generated during the registration process where you still have the plain text password in hand.
added on the 2017-02-01 19:27:20 by LJ LJ
Ok, I'm gonna give the benefit of a doubt and assume the password gets encrypted (hopefully 1-way) when it goes into the database.

However registrations are approved manually, which took a day before I got the email, so for *some* time, recoverable or unencrypted passwords are being stored somewhere.

I'm not worried about getting my identity stolen from a Slengpung hack, but you better believe I changed that password.
added on the 2017-02-01 20:37:50 by jmph jmph
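
The flow debated above (hash at form submit, manual approval later, confirmation mail with no password in it), sketched as an added example; this is not Slengpung's code and not from any poster in this thread. All names (`PENDING`, `register`, `approve`, `login`), the iteration count and the sample values are assumptions, and PBKDF2 from the standard library stands in for whatever password hash a real site would pick.

```python
import hashlib
import hmac
import os
from email.message import EmailMessage

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value)
PENDING = {}           # hypothetical stand-in for the pending-registrations table

def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex'; the plaintext is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def register(username, email, password):
    """Form handler: hash immediately, queue only the hash for approval."""
    PENDING[username] = {"email": email, "pw_hash": hash_password(password),
                         "approved": False}

def approve(username):
    """Admin action, possibly a day later: build the mail without any secret."""
    record = PENDING[username]
    record["approved"] = True
    msg = EmailMessage()
    msg["To"] = record["email"]
    msg["Subject"] = "Your registration was approved"
    msg.set_content(f"Hi {username}, your account is active. "
                    "Log in with the password you chose when signing up.")
    return msg

def login(username, password):
    """Only approved accounts with a matching hash may log in."""
    record = PENDING.get(username)
    return bool(record and record["approved"]
                and verify_password(password, record["pw_hash"]))

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    register("demo_user", "demo@example.invalid", "constructed-sample-pw")
    print(approve("demo_user").get_content())
    print(login("demo_user", "constructed-sample-pw"))
```

Because the approval step only ever sees the hash, the delay between sign-up and approval no longer requires a recoverable password to sit anywhere.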
email on way to its destination transpasses many third party systems and ultimately is most often stored in unencrypted form somewhere, often in email client or a phone. any malware can harvest it. handling passwords that way is totally dumb. you're excusing yourselves with obscurity way too much.
added on the 2017-02-01 21:32:27 by rutra80 rutra80
No one is giving excuses, just explanations.
sometimes the two overlap ;)
added on the 2017-02-02 06:17:41 by farfar farfar
I'm subscribed to a mailing list (dailydave) from a well-respected security researcher (Dave Aitel) working for a well-respected security company (Immunity Inc). They send me my password in plaintext via email EVERY SINGLE MONTH.

So it could be worse. :-P
added on the 2017-02-02 10:14:11 by Kylearan Kylearan
Kylearan: Yes, Mailman is horrible :) Even the documentation says: "Do NOT use a valuable password for Mailman, since it can be sent in plain text to you."
Sooo...in the days of social media overload and paranoia, are we done with Slengpung now?, or are there plans to resurrect it? Or are we done and just have it live its last days as an archive of good times ;)

added on the 2023-09-26 13:50:29 by tFt tFt
I personally think slengpung is an excellent concept.
There are almost no pictures of myself (because my social circles do not take pictures usually) and it is great finding me there, or sceners that I only met online and do not know how they look like. Also there's so much scene history preserved in there.

could we keep it alive, maybe somehow password protected for privacy reasons?
added on the 2023-12-19 12:13:02 by NR4 NR4
I really loved Slengpung and am quite sad it's not used anymore.
Maybe just move everything over to OnlyFans. The small fee of say $1 can be used for maintenance and is a hurdle for everyone that wants to steal your precious privacy.
and for $19 you get to see what's under nosfe's kilt...

but seriously, yeah, archiving it behind full-on sceneid only access wouldn't hurt anybody :)
I wonder if the modern day replacement for skengpung should be a Pixelfed instance...?
added on the 2023-12-19 16:10:31 by kusma kusma
Skengpung 🤦
added on the 2023-12-19 16:11:00 by kusma kusma
Meteoriks prize should be given for the most lecherous or noxious slengpung pic of the year (for a person who appears on a pic).