[JDEV] Account information storage, plaintext?
Richard Dobson
richard at dobson-i.net
Mon Sep 15 16:38:57 CDT 2003
> > > Maybe I'm missing something obvious, but what is the harm in
> > > encrypting/hashing/obfuscating them? It seems bad form to have
> > > plain text passwords stored anywhere when there is some sort of
> > > alternative (even if it's not a particuarly good one). The only con
> > > I can possibly think of is that it might give the admin a false
> > > sense of security - but I can't see that as a major issue, and
> > > probably one that can be addressed in the documentation.
> >
> > Of course two way reversable encryption is certainly an option instead
> > of just storing the bare plain text password, but the original message
> > author was advocating the use of non reversable hashes,
>
> AFAIK, I was the original author of this thread , and I did no such
> thing. Were you referring to someone else? I simply asked if anyone
> else saw the plaintext storage as a problem.
Sorry I meant the original author of the line of questioning, Bart I
believe.
Richard
More information about the JDev
mailing list