[Standards-JIG] Re: JEP-0077: In-Band Registration
gacek999 at tlen.pl
Mon Jul 17 16:10:30 UTC 2006
> Sending the password in plain text is not insecure if the channel is
> encrypted (SSL/TLS) and that's what the JEP recommends.
Yes, that's ok. But passwords stored in DB/disk can be easily readed. For
example in client's config file password must be in plain text (eventually
encrypted, anyway decryption is rather easy).
gacek999 [at] tlen [dot] pl
More information about the Standards