[Standards-JIG] JEP-0077: In-Band Registration
stpeter at jabber.org
Mon Jul 17 15:52:39 UTC 2006
Piotr Szturmaj wrote:
> JEP-0077 says that passwords are sent plain. Why not hash them and store
> hashes only? Plain text password is a big lack of security, any person who
> has database access could read users' passwords. Also client application
> must store plain/encrypted password which can be read anyway since it
> isn't one way encryption like hash.
Sending the password in plain text is not insecure if the channel is
encrypted (SSL/TLS) and that's what the JEP recommends.
Jabber Software Foundation
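
An added example, not part of either message above and not code from JEP-0077 or any server: a registration handler that takes the plain-text password from a `jabber:iq:register` request only when the channel is reported as encrypted, and stores a salted hash instead of the password. The names `handle_register` and `verify`, the `channel_encrypted` flag, the dict used as a store and the PBKDF2 parameters are assumptions; the stanza is constructed.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

NS = "{jabber:iq:register}"
ITERATIONS = 600_000  # assumed work factor, not taken from the JEP

# Constructed sample registration request.
SAMPLE = (
    "<iq type='set' id='reg1'>"
    "<query xmlns='jabber:iq:register'>"
    "<username>alice</username>"
    "<password>correct horse battery</password>"
    "</query></iq>"
)

def _derive(password, salt):
    # Salted, deliberately slow one-way derivation (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def handle_register(stanza, channel_encrypted, store):
    """Record (salt, hash) for a new account; the password itself is never stored."""
    if not channel_encrypted:
        # The password travels in plain text, so refuse it on a clear channel.
        raise PermissionError("registration refused: channel is not SSL/TLS protected")
    query = ET.fromstring(stanza).find(NS + "query")
    if query is None:
        raise ValueError("not a jabber:iq:register request")
    username = query.findtext(NS + "username")
    password = query.findtext(NS + "password")
    if not username or not password:
        raise ValueError("username and password are required")
    if username in store:
        raise ValueError("username already registered")
    salt = os.urandom(16)  # per-account salt
    store[username] = (salt, _derive(password, salt))
    return username

def verify(username, password, store):
    """Check a later login attempt against the stored hash in constant time."""
    if username not in store:
        return False
    salt, expected = store[username]
    return hmac.compare_digest(expected, _derive(password, salt))

if __name__ == "__main__":
    db = {}
    handle_register(SAMPLE, channel_encrypted=True, store=db)
    print(verify("alice", "correct horse battery", db))
```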