[JDEV] Account information storage, plaintext?
Jamin W. Collins
jcollins at asgardsrealm.net
Fri Sep 12 17:14:28 CDT 2003
On Fri, Sep 12, 2003 at 10:04:39PM +0100, Andrew Sayers wrote:
>
> I can't speak for jabberd, but other popular programs (e.g. pppd,
> fetchmail) store passwords in plaintext, readable only by a specified
> user. The theory is that if someone can get read access to files they
> aren't supposed to, they'll get your password one way or other anyway.
Understood, but in the examples provided the password is either stored
on the user's machine or on the remote server being connected to. In
the case of Jabber transports the password is being stored on a third
party system (the Jabber server), and the users probably don't realize
this.
--
Jamin W. Collins
Remember, root always has a loaded gun. Don't run around with it unless
you absolutely need it. -- Vineet Kumar
More information about the JDev
mailing list