[jadmin] jabberd14 'crypt' password storage in postgresql
Oliver Block
lists at block-online.eu
Tue Jun 12 12:01:20 CDT 2007
On Tuesday, 12 June 2007 17:57, Martel Valgoerad wrote:
> Yet I must admit I already have been unpleasantly surprised when I
> discovered I was able to get unencrypted passwords out of ejabberd database
> as well.
What Martin means may be justified to a certain degree which I've understood
was: By using SASL (cyrus SASL) we limit the risk of unsecure transport
between client and server and accept the storage of plain text passwords.
I would agree to the first part, but do find the second unacceptable.
Regards,
Oliver