[Standards-JIG] Re: JEP-0077: In-Band Registration

Piotr Szturmaj gacek999 at tlen.pl
Mon Jul 17 16:10:30 UTC 2006

> Sending the password in plain text is not insecure if the channel is
> encrypted (SSL/TLS) and that's what the JEP recommends.

Yes, that's ok. But passwords stored in DB/disk can be easily readed. For 
example in client's config file password must be in plain text (eventually 
encrypted, anyway decryption is rather easy).

Piotr Szturmaj
gacek999 [at] tlen [dot] pl 

More information about the Standards mailing list