[JDEV] Jabber AIM transport caches passwords
Thomas Muldowney
temas at box5.net
Sun Mar 11 23:10:42 CST 2001
Give me a better solution and I will gladly accept it. I'm a security nut, and
I hate this, but it's a lot better than the old way (::shudder::). I've toyed
with ideas of different encryption schemes but they all fail or give a false
sense of security. In my strong opinion (not humble in this case) a false sense
of security is the far far greater evil than a little less security, wherein you
know your weakness. I'd be more than happy to devote some time to this problem
though (all transports have it), anyone else want to start a JWG (jabber working
group) for this?
--temas
On Fri, Mar 09, 2001 at 12:03:24AM -0600, kadokev at msg.net wrote:
> I've noticed that the AIM transport for Jabberd is storing the AIM information
> permanently in a file on the jabber server, including the username and
> password for every AIM account used through the transport?
>
> I can understand why the transport would need to cache the credentials for
> the AIM connection, but it seems particularly dangerous to be storing this
> in cleartext file, permanently. If nothing else, there should be prominent
> warnings in the documentation for the transport and to all transport users.
>
> Kevin Kadow
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010311/0d965cf5/attachment-0002.pgp>
More information about the JDev
mailing list