|
Full Disclosure
mailing list archives
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
From: Shawn McMahon <smcmahon () eiv com>
Date: Wed, 4 Jun 2003 12:42:07 -0400
On Tue, Jun 03, 2003 at 09:35:28PM +0300, ????? ????? said:
There are a lot of reasons to store the passwords encrypted... And not
that much reasons to store them unencrypted - in fact, there is only one
good reason that i can think of, and it's the need to retrieve lost
passwords, but the best way to do that, is to keep a hardened database
of the unencrypted passwords, and use it for this sole purpose.
IMHO, a better way to do that is to provide a way for privileged users
to change the password, instead of maintaining it anywhere in cleartext.
--
Shawn McMahon | Let every nation know, whether it wishes us well or ill,
EIV Consulting | that we shall pay any price, bear any burden, meet any
UNIX and Linux | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Mads Tansø (Jun 03)
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 03)
RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Cushing, David (Jun 04)
|
Intro
