[JDEV] Account information storage, plaintext?
Jamin W. Collins
jcollins at asgardsrealm.net
Fri Sep 12 17:11:40 CDT 2003
On Fri, Sep 12, 2003 at 10:46:50PM +0200, Tijl Houtbeckers wrote:
>
> As for transports, since most networks currently require acces to
> plaintext passwords to do authentication with them there is only one
> alternative, mapping the authenitcation to Jabber and let the clients
> handle it. That would mean however that for every forgein network you
> want to use the client would have to implement that authentication
> process. Wich on most networks is also the most frequently changed
> feature. For example for MSN first would have had to implement SHA1
> authentication in your messenger, but now you'd have to tunnel SSL
> over your Jabber stream. I can imagine most client authors would like
> it better if you just restrict read-acces on your server ;)
Agreed, but I was thinking more of the end users using public Jabber
servers. These users are giving their login and password to the Jabber
Server admin(s) for each IM network when they register with a transport
on these servers. I'm not saying I have a better idea, but this seems
like a rather large hole waiting to be exploited.
--
Jamin W. Collins
Facts do not cease to exist because they are ignored. --Aldous Huxley,
"Proper Studies", 1927
More information about the JDev
mailing list