Sending passwords in emails in plain text

Joomla has an option to prevent the user's password being sent in the activation email - this makes good security sense.

MembershipPro doesn't have its own option and doesn't obey the joomla user option setting. Tuan kindly changed my code in a previous version to remove the password, but this has not survived the upgrade to V 2.3.0.

It's obviously fairly straightforward to remove the line/s of code that add the password to the email, but it would be far better if MembershipPro either obeyed the joomla user option or had its own option to remove the password from emails.

What does everyone think? Is this a feature that we should ask Tuan to implement in a future version?

I agree with this suggestion and will implement it into the next release

Regards,

Tuan

I agree 100%. In today's world, we should never be sending passwords to an end-user in an email, for them to keep in their email account and then when their own email account is compromised, que simple access by a hacker to your / our sites via a backdoor.

Tuan Pham Ngoc wrote: I agree with this suggestion and will implement it into the next release

Regards,

Tuan

Hi Tuan,

Out of interest, has this implemented now?

Regards,

Hi

Yes. I just implemented it. Please download latest version, upgrade it to your site (since it is just small change, I didn't change version number, still 2.3.0). Then change Send Password parameter in Joomla core users component to No and password won't be sent in the email anymore

Regards,

Tuan

Cheers for that Tuan, I've done as directed above and will sign-up a new test account and check it all works my end, which I'm sure it will.

Regards,