[JDEV] Jabber AIM transport caches passwords

Thomas Muldowney temas at box5.net
Mon Mar 12 00:28:53 CST 2001 

Last reply to myself =)  It's been pretty much decided that we'll use JIG
(Jabber Interest Group), so unless someone has a deathly reason against it, 
there you go!

Go do the JAM JIG!

--temas

On Sun, Mar 11, 2001 at 11:57:33PM -0600, Thomas Muldowney wrote:
> Yeah I made up the term JWG, just trying to think of a way to distinguish all
> the groups of people starting to form and work on new wonderful ideas using
> Jabber, anyone got other suggestions?
> 
> --temas
> 
> On Sun, Mar 11, 2001 at 11:10:42PM -0600, Thomas Muldowney wrote:
> > Give me a better solution and I will gladly accept it.  I'm a security nut, and
> > I hate this, but it's a lot better than the old way (::shudder::).  I've toyed
> > with ideas of different encryption schemes but they all fail or give a false
> > sense of security.  In my strong opinion (not humble in this case) a false sense
> > of security is the far far greater evil than a little less security, wherein you
> > know your weakness.  I'd be more than happy to devote some time to this problem
> > though (all transports have it), anyone else want to start a JWG (jabber working
> > group) for this?
> > 
> > --temas
> > 
> > On Fri, Mar 09, 2001 at 12:03:24AM -0600, kadokev at msg.net wrote:
> > > I've noticed that the AIM transport for Jabberd is storing the AIM information
> > > permanently in a file on the jabber server, including the username and
> > > password for every AIM account used through the transport?
> > > 
> > > I can understand why the transport would need to cache the credentials for
> > > the AIM connection, but it seems particularly dangerous to be storing this
> > > in cleartext file, permanently. If nothing else, there should be prominent
> > > warnings in the documentation for the transport and to all transport users.
> > > 
> > > Kevin Kadow
> > > 
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010312/f0f7a9ca/attachment-0002.pgp>

More information about the JDev mailing list