Good ideas and conversation. No ads, no tracking. Login or Take a Tour!
Good point. I'll implement that as well. Yes, they are hashed. Thanks. I have no problem being cautious, or sensitive to privacy. In a place where we want people to speak freely, it doesn't hurt. I'll follow up.While we're talking about security: you really ought to require that people re-enter their existing password when changing their password.
Finally: I assume that you're hashing the password on the database side, and not just storing them plaintext.
You're doing great work, mk: please don't think I'm nickpicking! Security's important, and it's worth getting right.