[jadmin] Re: jabberd14 'crypt' password storage in PostgreSQL
Magnus Henoch
mange at freemail.hu
Wed Jun 13 06:49:17 CDT 2007
"Michał Minicki" <martel at post.pl> writes:
> I would like to trust my system administrator to keep my credentials in
> the most secure way he is able to use. He's not the only person who can
> get access to this private data. And even if he is, I feel more at ease
> when I know getting the passwords is something complex, which requires more
> work than a plain and simple SQL query. Not to mention that running
> man-in-the-middle attacks is much harder to pull off by using simple
> exploits only.
You got it the wrong way. With encrypted passwords in the database,
man-in-the-middle attacks are _more_ likely to give the attacker your
password.
--
Magnus
JID: legoscia at jabber.cd.chalmers.se