[Standards-JIG] JEP-0077: In-Band Registration

Piotr Szturmaj gacek999 at tlen.pl
Mon Jul 17 15:33:30 UTC 2006


Hi,

JEP-0077 says that passwords are sent plain. Why not hash them and store 
hashes only? A plain text password is a big lack of security; any person who 
has database access could read users' passwords. Also, the client application 
must store a plain/encrypted password, which can be read anyway since it 
isn't one-way encryption like a hash.

-- 
Piotr Szturmaj
gacek999 [at] tlen [dot] pl 





