mattwhite924 wrote:They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?
There is absolutely NO excuse for not encrypting passwords.
That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.
I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.
It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.
Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.