[JDEV] Jabber AIM transport caches passwords
Oliver George
oliver at littledevil.com.au
Mon Mar 12 00:50:49 CST 2001
I like to propose a JAM Session.
Thomas Muldowney wrote:
> Last reply to myself =) It's been pretty much decided that we'll use JIG
> (Jabber Interest Group), so unless someone has a deathly reason against it,
> there you go!
>
> Go do the JAM JIG!
>
> --temas
>
> On Sun, Mar 11, 2001 at 11:57:33PM -0600, Thomas Muldowney wrote:
>
>> Yeah I made up the term JWG, just trying to think of a way to distinguish all
>> the groups of people starting to form and work on new wonderful ideas using
>> Jabber, anyone got other suggestions?
>>
>> --temas
>>
>> On Sun, Mar 11, 2001 at 11:10:42PM -0600, Thomas Muldowney wrote:
>>
>>> Give me a better solution and I will gladly accept it. I'm a security nut, and
>>> I hate this, but it's a lot better than the old way (::shudder::). I've toyed
>>> with ideas of different encryption schemes but they all fail or give a false
>>> sense of security. In my strong opinion (not humble in this case) a false sense
>>> of security is the far far greater evil than a little less security, wherein you
>>> know your weakness. I'd be more than happy to devote some time to this problem
>>> though (all transports have it), anyone else want to start a JWG (jabber working
>>> group) for this?
>>>
>>> --temas
>>>
>>> On Fri, Mar 09, 2001 at 12:03:24AM -0600, kadokev at msg.net wrote:
>>>
>>>> I've noticed that the AIM transport for Jabberd is storing the AIM information
>>>> permanently in a file on the jabber server, including the username and
>>>> password for every AIM account used through the transport?
>>>>
>>>> I can understand why the transport would need to cache the credentials for
>>>> the AIM connection, but it seems particularly dangerous to be storing this
>>>> in cleartext file, permanently. If nothing else, there should be prominent
>>>> warnings in the documentation for the transport and to all transport users.
>>>>
>>>> Kevin Kadow
>>>>
>>>> _______________________________________________
>>>> jdev mailing list
>>>> jdev at jabber.org
>>>> http://mailman.jabber.org/listinfo/jdev
>>>
More information about the JDev
mailing list