[Standards-JIG] Re: JEP-0077: In-Band Registration

Piotr Szturmaj gacek999 at tlen.pl
Mon Jul 17 16:10:30 UTC 2006


> Sending the password in plain text is not insecure if the channel is
> encrypted (SSL/TLS) and that's what the JEP recommends.


Yes, that's ok. But passwords stored in DB/disk can be easily read. For
example in the client's config file the password must be in plain text (eventually
encrypted, anyway decryption is rather easy).

-- 
Piotr Szturmaj
gacek999 [at] tlen [dot] pl 





