[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030604164207.GE10471@eiv.com>
From: smcmahon at eiv.com (Shawn McMahon)
Subject: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
On Tue, Jun 03, 2003 at 09:35:28PM +0300, ????? ????? said:
>
> There are a lot of reasons to store the passwords encrypted... And not
> that much reasons to store them unencrypted - in fact, there is only one
> good reason that i can think of, and it's the need to retrieve lost
> passwords, but the best way to do that, is to keep a hardened database
> of the unencrypted passwords, and use it for this sole purpose.
IMHO, a better way to do that is to provide a way for privileged users
to change the password, instead of maintaining it anywhere in cleartext.
--
Shawn McMahon | Let every nation know, whether it wishes us well or ill,
EIV Consulting | that we shall pay any price, bear any burden, meet any
UNIX and Linux | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030604/ea6ba295/attachment.bin
Powered by blists - more mailing lists