[JDEV] Account information storage, plaintext?
Jamin W. Collins
jcollins at asgardsrealm.net
Mon Sep 15 12:02:30 CDT 2003
On Mon, Sep 15, 2003 at 04:42:40PM +0100, Richard Dobson wrote:
> > Maybe I'm missing something obvious, but what is the harm in
> > encrypting/hashing/obfuscating them? It seems bad form to have
> > plain text passwords stored anywhere when there is some sort of
> > alternative (even if it's not a particuarly good one). The only con
> > I can possibly think of is that it might give the admin a false
> > sense of security - but I can't see that as a major issue, and
> > probably one that can be addressed in the documentation.
>
> Of course two way reversable encryption is certainly an option instead
> of just storing the bare plain text password, but the original message
> author was advocating the use of non reversable hashes,
AFAIK, I was the original author of this thread , and I did no such
thing. Were you referring to someone else? I simply asked if anyone
else saw the plaintext storage as a problem.
--
Jamin W. Collins
To be nobody but yourself when the whole world is trying it's best night
and day to make you everybody else is to fight the hardest battle any
human being will fight. -- E.E. Cummings
More information about the JDev
mailing list