top | item 39032166

(no title)

Obviously, the answer is never (unless it's for _very_ specific testing in a dev only environment).

In this case, it's not that they were sending the password directly for any reason, but instead returning the raw SMTP log from sending the email; which as a byproduct had the password in it due to needing to authenticate with the SMTP server.

discuss

No comments yet.