[JDEV] Account information storage, plaintext?
Richard Dobson
richard at dobson-i.net
Mon Sep 15 10:42:40 CDT 2003
> Maybe I'm missing something obvious, but what is the harm in
> encrypting/hashing/obfuscating them? It seems bad form to have plain text
> passwords stored anywhere when there is some sort of alternative (even if
> it's not a particularly good one). The only con I can possibly think of is
> that it might give the admin a false sense of security - but I can't see
> that as a major issue, and probably one that can be addressed in the
> documentation.
Of course two-way reversible encryption is certainly an option instead of
just storing the bare plain text password, but the original message author
was advocating the use of non-reversible hashes, which is not really an
option with current authentication schemes and as I mentioned if you are
forcing that on admins as the only way to store passwords it scuppers the
possibility of integrating the jabber server into a greater user database.
Richard
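
An added example, not part of the original message or of any Jabber server's code: a sketch of why a one-way hashed store conflicts with a challenge-style login. It assumes the scheme in question is the jabber:iq:auth digest method (hex SHA-1 of the stream ID concatenated with the password); the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def client_digest(stream_id: str, password: str) -> str:
    """Digest the client sends: hex SHA-1 of stream ID + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

class DigestUnsupported(Exception):
    """The stored credential cannot be used to check a digest login."""

class ReversibleStore:
    """Keeps the password recoverable (plaintext here; two-way encryption
    would behave the same once decrypted)."""
    def __init__(self):
        self._pw = {}
    def add(self, user, password):
        self._pw[user] = password
    def verify_plain(self, user, password):
        return hmac.compare_digest(self._pw[user].encode(), password.encode())
    def verify_digest(self, user, stream_id, digest):
        # The server recomputes the digest from the password it can read.
        expected = client_digest(stream_id, self._pw[user])
        return hmac.compare_digest(expected.encode(), digest.encode())

class OneWayStore:
    """Keeps only a salted PBKDF2 hash of the password."""
    def __init__(self):
        self._rec = {}
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def add(self, user, password):
        salt = os.urandom(16)
        self._rec[user] = (salt, self._kdf(password, salt))
    def verify_plain(self, user, password):
        salt, stored = self._rec[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))
    def verify_digest(self, user, stream_id, digest):
        # SHA1(stream_id + password) needs the password itself; the salted
        # hash cannot be turned into it, so this login method is unavailable.
        raise DigestUnsupported(user)
```

With the one-way store, only logins that send the password itself to the server can be checked, which is the trade-off the message describes.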