Heard about new blogging service Blog.co.in from a friend, and the first thing I liked about it was its short domain name. I thought I'll check that out and opened their site. UI layout was pretty decent and they have some good looking themes to choose from. Looking at their site for a while, I was convinced that I could try. Even if I don't end up moving this blog to the new provider I could check it out, I thought.
Registration includes activating the account by visiting the URL they send through email. I opened the link from their email and it says "Your account is now active" in big red font. Nice. Oh wait! Right below that message there is my username and my password! In addition, they are sending an email to me with my password.
As a rule of thumb, I don't trust anyone who stores passwords as plaintext in their databases. Given that they make a blunder in such a common task, I can't believe the rest of their system would be secure. No one may really attack their site; but I am kinda conservative in choosing who runs my blogs.
If you're thinking whether to use Blog.co.in for your blog, my advice would be to stay away from it.
16 Sept 2008
Subscribe to:
Post Comments (Atom)
They are using Wordpress MU and it dosn't store the password in plain text. They are stored in an encrypted format. Email was only for the user to keep a record.
ReplyDeleteI use them and it's an excellent service.