[JDEV] Account information storage, plaintext?

Raditha Dissanayake jabber at raditha.com
Mon Sep 15 09:06:57 CDT 2003


Hi,

Hashed passwords do not give 100% security. Let's take a web based email 
system that uses mysql as a db. You can easily make use of the 
password() function in mysql to create a one-way hashed password. But a 
malicious user who does not have root access but has access to the mysql 
db can reset your password to something of his choosing, log in to your 
account, send a nasty mail to your boss, and change the password back to 
what it was before.

Having said that, I am no advocate of plain text passwords :-)


Michael Brown wrote:

>----- Original Message ----- 
>From: "Robert Norris"
>  
>
>>>IMO it is very undesirable that passwords are stored in plaintext, IMO
>>>we should get rid of that ASAP :D I know we'll have to live with
>>>plaintext passwords for quite some time to come but IMO it would be a
>>>Good Thing(tm) if clients/servers would default to storing hashed
>>>passwords.
>>>      
>>>
>>Well, I think that plaintext passwords on the wire are more of an issue
>>than plaintext passwords in the data store.
>>
>>Basically, until we get auth mechanisms that are secure on the wire and
>>don't require plaintext passwords on the server, then stuff I write will
>>be storing passwords in plaintext.
>>    
>>
>
>I have to admit that I have never understood this (maybe someone can
>explain) - sending plain text over the wire is bad, but it's a different
>issue than storing them in plain text on the server.  At least when you send
>them there is a limited window for someone to sniff your password.  They
>have to be either lucky, or actually trying to find out what your password
>is.  With plaintext files on the server you have a 24x7 risk of someone
>getting root access and just sniffing around to find out if there is
>something interesting.
>
>Maybe I'm missing something obvious, but what is the harm in
>encrypting/hashing/obfuscating them?  It seems bad form to have plain text
>passwords stored anywhere when there is some sort of alternative (even if
>it's not a particularly good one).  The only con I can possibly think of is
>that it might give the admin a false sense of security - but I can't see
>that as a major issue, and probably one that can be addressed in the
>documentation.
>
>Yes, they are not going to be 100% secure
>Yes, they have to be turned back into plaintext to be sent to the remote
>server
>Yes, it's bad that they have to be sent over the wire in plain text
>Yes, the admin SHOULD have the permissions set so no one but him/her can
>read them
>
>But on the other hand:
>
>It's not hard to do.  (Hell, even ROT13ing them would be an improvement over
>plain text)
>It stops a trusted admin from accidentally/in good faith reading/remembering
>them
>Hashed passwords are MUCH harder to remember than plaintext ones (which are
>usually dictionary words)
>It lessens the chance of some script kiddy getting hold of the password
>file, and realising that he/she has a bunch of AIM/ICQ/MSN passwords and
>going nuts with them
>
>It's kind of like putting a lock on a glass door.  The effort to find
>something to break the glass with is going to be enough to deter some
>people, but it won't stop someone who is really intent on getting inside.  I
>don't know of any (Windows) clients that store the password in plain text in
>the registry/config file - and in theory you trust everyone who you give
>access to your PC.  I would be very surprised if when I clicked "Remember
>this password" in IE if I could then find it in plain text on my Win2000
>machine.
>
>Michael.
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev
>  
>


-- 
http://www.radinks.com/upload
Drag and Drop File Uploader.
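The hash-swap scenario Raditha describes (a user with write access to the database, but not to the application host, replaces a stored hash, logs in, then restores it) is something the application can at least detect. Added example, not code from this thread: each credential row is bound with an HMAC under a key the application holds outside the database (an assumed config/env secret), so a row rewritten by someone who has only DB access fails verification at login. The in-memory table, usernames and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: held by the application (config/env), never stored in the DB.
# An attacker with DB access only cannot recompute MACs without it.
APP_MAC_KEY = b"constructed-demo-key-not-for-real-use"


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash instead of MySQL's PASSWORD(); same role in the story.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def bind_row(username: str, salt: bytes, pw_hash: bytes) -> bytes:
    """MAC over exactly the fields someone would rewrite to take over the account."""
    msg = username.encode() + b"\0" + salt + b"\0" + pw_hash
    return hmac.new(APP_MAC_KEY, msg, "sha256").digest()


def create_user(table: dict, username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    pw_hash = hash_password(password, salt)
    table[username] = {"salt": salt, "hash": pw_hash,
                       "mac": bind_row(username, salt, pw_hash)}


def login(table: dict, username: str, password: str) -> str:
    """Returns 'ok', 'bad-password', or 'tampered' (row no longer matches its MAC)."""
    row = table.get(username)
    if row is None:
        return "bad-password"
    expected_mac = bind_row(username, row["salt"], row["hash"])
    if not hmac.compare_digest(row["mac"], expected_mac):
        # The credential row was changed outside the application: alert/log here.
        return "tampered"
    if not hmac.compare_digest(row["hash"], hash_password(password, row["salt"])):
        return "bad-password"
    return "ok"


def db_only_hash_overwrite(table: dict, username: str, new_password: str) -> None:
    """Models what DB write access alone allows: rewriting salt and hash directly.
    Without APP_MAC_KEY the 'mac' column cannot be made to match the new values."""
    salt = secrets.token_bytes(16)
    table[username]["salt"] = salt
    table[username]["hash"] = hash_password(new_password, salt)
```

The check only fires while the swapped hash is in place, so the "tampered" result must be logged or alerted on at that moment; once the original row is restored the MAC matches again, which is why this detects the attack rather than preventing it.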