[JDEV] Account information storage, plaintext?

Matthias Wimmer m at tthias.net
Fri Sep 12 16:38:50 CDT 2003


Hi Jamin!

Jamin W. Collins wrote on 2003-09-12 11:49:23:
> Does anyone else see it as a concern that the Jabber server (1.4.2
> release) and popular transports (aim-t, jit, msn-t, and yahoo-t) save
> user account information (user name and password) in plaintext for
> anyone with read access on the Jabber server to see?

This is a frequently asked question on this list.

At the moment, with the existing jabberd 1.4.2 authentication schemes, the
password needs to be available on the server for most clients if you
don't want to use plain text authentication, as it is needed for digest
authentication.
In the future, hopefully more clients will support SASL authentication
with better authentication schemes, and the server won't need to store
the plaintext authentication token then.


See you
    Matthias
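
Added example, not part of the original post or of jabberd's code: the jabber:iq:auth digest is SHA-1 over the stream ID concatenated with the password, so the server can only check it if it holds the plaintext. The second half assumes SCRAM-SHA-1 as one SASL mechanism of the "better" kind (the post names none) and simplifies it: `auth_message` stands in for the exchanged nonces, SASLprep is skipped, and all names and sample values are constructed.

```python
import hashlib
import hmac

def iq_auth_digest(stream_id: str, password: str) -> str:
    """jabber:iq:auth digest: lowercase hex SHA-1 of stream ID + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

def verify_iq_digest(stored_secret: str, stream_id: str, digest: str) -> bool:
    """Server side: recompute the digest from whatever the server has stored.
    This only matches when stored_secret is the plaintext password."""
    return hmac.compare_digest(iq_auth_digest(stream_id, stored_secret), digest)

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def _client_key(password: str, salt: bytes, rounds: int) -> bytes:
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
    return _mac(salted, b"Client Key")

def scram_stored_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Enrollment: the server keeps this (plus salt and rounds), not the password."""
    return hashlib.sha1(_client_key(password, salt, rounds)).digest()

def scram_client_proof(password: str, salt: bytes, rounds: int,
                       auth_message: bytes) -> bytes:
    """Client side: ClientKey XOR HMAC(StoredKey, auth_message)."""
    ck = _client_key(password, salt, rounds)
    sig = _mac(hashlib.sha1(ck).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(ck, sig))

def scram_verify(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and compare its hash."""
    sig = _mac(stored_key, auth_message)
    ck = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.sha1(ck).digest(), stored_key)

if __name__ == "__main__":
    sid, pw = "3EE948B0", "s3cret"            # constructed sample values
    digest = iq_auth_digest(sid, pw)
    hashed = hashlib.sha1(pw.encode()).hexdigest()
    print("plaintext store verifies digest:", verify_iq_digest(pw, sid, digest))
    print("hashed store verifies digest:   ", verify_iq_digest(hashed, sid, digest))
    salt, rounds, msg = b"constructed-salt", 4096, b"client-nonce,server-nonce"
    stored = scram_stored_key(pw, salt, rounds)
    proof = scram_client_proof(pw, salt, rounds, msg)
    print("SCRAM store verifies proof:     ", scram_verify(stored, msg, proof))
```

The SCRAM stored key is not the password, but it still allows offline guessing if it leaks, so the credential file needs restrictive read permissions in either scheme.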