[JDEV] Account information storage, plaintext?
Peter Saint-Andre
stpeter at jabber.org
Tue Sep 16 17:07:39 CDT 2003
On Tue, Sep 16, 2003 at 02:54:12PM -0700, Justin Karneges wrote:
> Maybe the issue comes down to jabber:iq:register being incompatible with any
> SASL mechanism that does not use plaintext passwords. If we nix iq:register,
> does the problem go away? Maybe then the admin has to make a choice between
> supporting anonymous registrations vs having a more-secure system.
Maybe there is a good reason why user registration occurs outside
the protocol in other systems. I think in-band registration is fine for
registering with components, but doesn't make sense for registering your
main IM account.
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.php
More information about the JDev
mailing list