hmm, i have tried reproducing the error using my windows 7 system, but cannot, I have created a support ticket so we can look into this issue further.
To view and edit your support ticket, please log into your support history:
If anyone else is experiencing this same issue, please append to this thread.
Then you must also make sure that the login and protected pages use SSL right?
I completely agree with encrypting passwords, but it really is only one part of the overall puzzle. I fear that most people relying on encryption are falling into a false sense of security.
encrypting the passwords in the database will only protect the users data if someone gains direct access to your database. In actual fact, this is a very rare occurrence.
A much more common problem is hackers that use packet sniffing to look at information being transferred through form posts that are not secured under an SSL layer.
the way that password encryption works is that the plain text password is posted to the server. The server then takes the plain text password and encrypts it. An SQL query is then performed using the username and encrypted password to see if a record exists in the users table.
unless the login form is protected under an SSL layer, the plain text password in the form post is vulnerable to network packet sniffing attacks.
Just something to think about, especially when security is a concern.