[Standards-JIG] Re: JEP-0077: In-Band Registration
Piotr Szturmaj
gacek999 at tlen.pl
Mon Jul 17 11:10:30 CDT 2006
> Sending the password in plain text is not insecure if the channel is
> encrypted (SSL/TLS) and that's what the JEP recommends.
Yes, that's ok. But passwords stored in DB/disk can be easily read. For
example, in the client's config file the password must be in plain text
(eventually encrypted, anyway decryption is rather easy).
--
Piotr Szturmaj
gacek999 [at] tlen [dot] pl