SjotgunSjonnie

I am no security expert, simply a software engineer. IT system security is simply about thinking about all defensive layers which can possible reduce the effects of an attack. Hashing a password is such a defensive layer (but don't forget the salt, to prevent rainbow table attacks). This principle is called defense in depth. PMDG, please consider these links.http://stackoverflow.com/questions/674904/salting-your-password-best-practiceshttp://stackoverflow.com/questions/536584/non-random-salt-for-password-hashes/536756#536756

(1) I agree with your statement on having separate passwords per site. But one cannot expect non-tech savvy users to know or follow this recommendation. (2) The fallacy here is that the key used to encrypt and decrypt is located on a system which may be compromised. Therefore, the act of encrypting information provides only security by obscurity, which as we know is not secure at all. In the end the question really is: why take the risk at all?

(1) Consider the case where certain types of traffic from certain domains are sniffed on purpose by some evil party. E.g. people would want to harm your business by sniffing for passwords you send out to them and abusing them. Then sure, the link would also be usable by them, but only between the moment of capturing it and resetting the password, not during the duration of the password´s lifetime. (2) If you hash my password you would not be able to send my original password back to me, as hashing is a one-way operation. Therefore, your statement is false.

Dear PMDG, On ordering the 737NGX I had to retrieve a password using the password retrieval service. In the that was sent to me I noticed that the password I entered originally was sent to me. This, as you may be aware of (there are sure to be some smart software engineers in your company) is risky from a security perspective in various ways: (1) E-mails which you send out are visible to all. If someone is listening to internet traffic at one point in the communication chain he will see my password.(2) By sending me my originally entered password, it seems that you are storing this password either in a plain text or encrypted format. If the system holding the password is compromised, so is my password. Of course you are probably aware of the need for hashing the password and applying a salt onto it, so please do. Note that I found this to be so much of an issue that I'm writing this message before installing the PMDG 737NGX I just purchased. I hope you can resolve this issue soon. Kind regards, David Walschots

Agreed Daryl. However, SimRoutes (and FSRoute.com) both have a lack of recent navigational data. This is something that my application will have sorted out. Given that my application will require the user to have a downloaded (payed) copy of Navigraph's AIRAC I suspect it won't have the same issue SimRoutes has.For now I'm keeping the application personal as I'd still need to sort this out with Navigraph and other parties.

I'm working on a software application that converts a flight plan generated by RouteFinder to various aircraft FMC formats. Looking at a PMDG route file (EGLL LSZH MD-11 tutorial) reveals lots of 'hmmmmz'.Is there any documentation available for this file? I've found http://ops.precisionmanuals.com/wiki/NAVDATA_Data_Dictionary which only gives information on the NAVDATA files. Is there a similar page for the rte file?Thanks,

Yes, I know what you mean. The MD-11 seems to be very aggressively chasing the FDs commands. My last flight (delivery from Long Beach to Amsterdam) was an almost continuous wobble between 0 and 5 degrees pitch attitude because of these wind shifts and the effect they have on the MD.

Dear PMDG dev team,I've been enjoying the MD-11 a LOT so far. Outstanding job on this one. Once I feel very comfortable with flying this bird I want to add all kinds of failures in the mix. There is however one thing I dislike about this with the MD-11 as it currently is.The random failures can only be: n times every ten hours. I think the ten hours is a limiting factor. I'd like to fly the aircraft in a normal fashion with the possibility of a failure happening. I do not want to fly the aircraft with the knowledge a failure will most likely happen on this flight.So, what I am proposing is giving us simmers the ability to also select the time. LDS did this with their 767. They allow the user to select n number of failures per day, week, month.Is it possible to add this feature to one of the upcoming patches?Thanks for your time,