Support Board
Date/Time: Mon, 16 Jun 2025 08:46:26 +0000
Password storage and plain-text emails are not acceptable
View Count: 228
[2025-05-12 04:05:40]
User300594 - Posts: 1
Sierra Chart should not email passwords in plain text. Passwords must be hashed using a one-way function (like bcrypt, scrypt, or Argon2), not stored in a way that allows them to be retrieved and emailed. This practice is a serious security flaw and needs to be addressed.
[2025-05-12 09:40:47]
Sierra_Chart Engineering - Posts: 19924
We have to see in what case an email would contain a password. There is going to be only probably one case. Like when an account is being created for you or you specifically request your account password to be regenerated by the system and sent to you. In this case the password would be temporarily known (less than a millisecond).
This is already the case: "Passwords must be hashed using a one-way function (like bcrypt, scrypt, or Argon2), not stored in a way that allows them to be retrieved and emailed."
They are one-way encrypted already. For example, you are never able to request your current password. This is impossible. You could have it be reset automatically, to some random string, and have it emailed to you. But this is just only one possibility. You can also request that you get a password reset email message, and then you enter your own password.
Sierra Chart Support - Engineering Level
Your definitive source for support. Other responses are from users. Try to keep your questions brief and to the point. Be aware of support policy: https://www.sierrachart.com/index.php?l=PostingInformation.php#GeneralInformation
For the most reliable, advanced, and zero cost futures order routing, use the Teton service: Sierra Chart Teton Futures Order Routing
Date Time Of Last Edit: 2025-05-12 09:54:10
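The thread contrasts one-way password storage with a reset link where the user enters their own new password. As an added example (not part of either post and not Sierra Chart's code), the sketch below stores only an scrypt digest and issues a single-use, expiring reset token of which only a hash is kept. The `Accounts` class, the scrypt parameters and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Assumed parameters for this sketch (not taken from the thread).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # seconds a reset link stays valid

def hash_password(password):
    """Return (salt, digest); only these are stored, never the password."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password, salt, digest):
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def token_hash(token):
    return hashlib.sha256(token.encode()).digest()

class Accounts:
    """In-memory stand-in for an account database (hypothetical)."""
    def __init__(self):
        self.creds = {}   # user -> (salt, scrypt digest)
        self.resets = {}  # user -> (sha256 of token, expiry time)

    def register(self, user, password):
        self.creds[user] = hash_password(password)

    def login(self, user, password):
        rec = self.creds.get(user)
        return rec is not None and verify_password(password, *rec)

    def start_reset(self, user, now=None):
        """Create the token that goes into the reset e-mail link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[user] = (token_hash(token), now + RESET_TTL)
        return token  # e-mailed once; the server keeps only its hash

    def finish_reset(self, user, token, new_password, now=None):
        now = time.time() if now is None else now
        rec = self.resets.get(user)
        if rec is None or now > rec[1]:
            self.resets.pop(user, None)  # drop expired entries
            return False
        if not hmac.compare_digest(token_hash(token), rec[0]):
            return False
        del self.resets[user]  # single use
        self.register(user, new_password)
        return True
```

With this layout the e-mail carries a short-lived token rather than a credential, and a copy of the stored data yields neither the password nor a usable reset link.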