[Standards-JIG] JEP-0077: In-Band Registration
Piotr Szturmaj
gacek999 at tlen.pl
Mon Jul 17 10:33:30 CDT 2006
Hi,
JEP-0077 says that passwords are sent in plain text. Why not hash them and store
hashes only? A plain text password is a big lack of security; any person who
has database access could read users' passwords. Also, the client application
must store a plain/encrypted password, which can be read anyway since it
isn't one-way encryption like a hash.
--
Piotr Szturmaj
gacek999 [at] tlen [dot] pl