[jadmin] Re: jabberd14 'crypt' password storage in PostgreSQL
Matthias Wimmer
m at tthias.eu
Sun Jun 3 17:15:41 CDT 2007
Magnus Henoch wrote:
>> I think it can be a big security risk to store passwords in plaintext in
>> the database.
> Of course, not storing the passwords in plaintext is also a security
> risk, as the passwords must be sent in plaintext when a client is
> authenticating. Even if the connection is encrypted, it is vulnerable
> to man-in-the-middle attacks (if the client doesn't check the server's
> certificate, or if the certificate is stolen but not the database,
> etc).
... exactly.
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/