[JDEV] Account information storage, plaintext?

Bart van Bragt jabber at vanbragt.com
Mon Sep 15 04:00:12 CDT 2003

> Only specific users (such as the user that
> the server runs as) should have read access to these files. And of
> course, the administrator is implicitly trusted.
Should have :D
I do trust most server admins but nothing can guarantee me that they 
administer their servers properly. If a Jabber server gets compromised a 
_lot_ of users will lose their passwords and a _lot_ of users are using 
the same password for close to everything. Yes, that's really stupid of 
them but that's not the point. IMO it is very undesirable that passwords 
are stored in plaintext, IMO we should get rid of that ASAP :D I know 
we'll have to live with plaintext passwords for quite some time to come 
but IMO it would be a Good Thing(tm) if clients/servers would default to 
storing hashed passwords.


More information about the JDev mailing list