[JDEV] hashing of passwords in xml file

b h bobhumphrey22 at yahoo.com
Sat May 10 20:11:42 CDT 2003


Hi,

I'm not an advanced developer, or an xml expert, so
please be patient with me.  But I have two
questions...

1. Is there any problem with storing a SHA-1 hash of
the password as opposed to plaintext in the users.xml
files?  Since I already have openssl on the system
(and have configured jabberd to use ssl encryption) I
think this should be easy to do.  I don't think this
should be a problem, although maybe a SHA-1 output
every now and then would conflict with XML syntax?
i.e., part of the hash having special characters that
are reserved in XML?  Hmm, XML files are plaintext and
SHA-1 output is binary... maybe convert it to hex
first before storing (like the digest)....

2. If there isn't a problem with question 1, could
someone please point me to the files where I would
need to modify the source of jabberd in order to
implement this?

I still have reservations having plaintext user
passwords on the filesystem.  Even though I comment
out the <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
option, and use SSL for encryption, I would feel more
comfortable if putting a server on the DMZ with a
little more protection.  And from my understanding,
with 1.4.2 there is currently a need of keeping the
plaintext passwords available in the user.xml file.

Any advice or comments much appreciated.

b
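
Added example, not part of the original message and not jabberd code: a Python sketch of the encoding point raised in question 1, showing that a raw SHA-1 digest can contain bytes an XML parser rejects while the hex form stores and compares cleanly. The record layout, the type="sha1-hex" attribute and all function names are assumptions made for illustration, and the password is a constructed sample.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAMPLE_PASSWORD = "password"  # constructed sample value


def sha1_raw(password):
    return hashlib.sha1(password.encode("utf-8")).digest()


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def xml_problem_bytes(data):
    """Bytes that cannot sit literally in XML 1.0 text: control characters
    other than tab/LF/CR, plus the markup characters '<' and '&'."""
    return [b for b in data
            if (b < 0x20 and b not in (0x09, 0x0A, 0x0D)) or b in (0x3C, 0x26)]


def raw_digest_parses(password):
    """Store the raw 20-byte digest as element text and try to read it back."""
    elem = ET.Element("password")
    elem.text = sha1_raw(password).decode("latin-1")  # one char per byte
    try:
        ET.fromstring(ET.tostring(elem, encoding="unicode"))
        return True
    except ET.ParseError:
        return False


def build_user(username, password):
    """Hypothetical record layout, not jabberd's real users.xml schema."""
    user = ET.Element("user", name=username)
    ET.SubElement(user, "password", type="sha1-hex").text = sha1_hex(password)
    return ET.tostring(user, encoding="unicode")


def check_login(record_xml, attempt):
    """Hash the attempt and compare with the stored hex in constant time."""
    stored = ET.fromstring(record_xml).findtext("password")
    return hmac.compare_digest(stored, sha1_hex(attempt))


if __name__ == "__main__":
    print(xml_problem_bytes(sha1_raw(SAMPLE_PASSWORD)))
    print(raw_digest_parses(SAMPLE_PASSWORD))
    print(build_user("b", SAMPLE_PASSWORD))
```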



